Section: Other Grants and Activities
Category: ANR-RNTL project
Duration: February 2007 - February 2010
Partners: INRIA-SMIS (coordinator), Univ. Versailles-PRiSM, Gemalto, Santeos (Atos Origin), ALDS
Description: The goal of the PlugDB project is to design and experiment with new technologies dedicated to the secure and ubiquitous management of personal data. Existing solutions for sharing and manipulating personal data (medical, social, administrative, commercial, professional data, etc.) are usually server-based. These solutions suffer from two weaknesses. The first is that the data cannot be accessed without a permanent, reliable, secure and high-bandwidth connection. The second is the lack of security guarantees as soon as the data leaves the security realm of the server. The PlugDB project addresses these limitations with the help of a new secure device named SPT (Secure Portable Token). An SPT combines the intrinsic security of smart cards with the storage capacity of USB keys (several GB soon) and the universality of the USB protocol. The project's innovation lies in the association of sophisticated data management techniques with cryptographic protocols embedded in an SPT-like device. More precisely, a specific DBMS engine must be designed to match the peculiarities of the SPT storage memory (NAND Flash) and the limited processing capacity of its microcontroller. New cryptographic protocols dedicated to protecting data at rest, as well as data in transit in collaborative scenarios, must also be designed. The DMSP project will serve as a testbed for the PlugDB technology.
Category: ANR-ARPEGE project
Duration: Jan 2009 - Jan 2012
Partners: SopinSpace (coordinator), INRIA (SMIS, SECRET), CECOGI
Description: The design and implementation of large-scale infrastructures for sensitive and critical data (e.g., electronic health records) have to face a tangle of legal provisions, technical standards, and societal concerns and expectations. The DEMOTIS project aims to understand how the entanglement of the legal and technical domains constrains the design of such data infrastructures. DEMOTIS consists of two interdependent facets: legal (health law, privacy law, intellectual property law) and computer science (database security, cryptographic techniques). Combining the expertise of jurists and computer scientists should help to better assess whether legal provisions can actually be put into practice, to characterize the related technological challenges when mismatches are detected and, when possible, to suggest preliminary solutions.