Abstract
Digital identities and profiles are valuable assets: they are more and more relevant to allow people to access services and information on the Internet. They need to be secured and protected. Unfortunately people have little control over the destiny of this information once it has been disclosed to third parties. People rely on enterprises and organizations for its management. In most cases this is a matter of trust. This paper describes an approach to make organizations more accountable, provide strong but not impregnable privacy enforcement mechanisms and allow users to be more involved in the management of the privacy of their confidential information. As part of our ongoing research, we introduce a technical solution based on ”sticky” privacy policies and tracing services that leverages Identifier-based Encryption (IBE) along with trusted platform technologies such as TCPA (TCG) and Tagged Operating Systems. Work is in progress to prototype this solution.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Boneh, D., Franklin, M.: Identity-based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 213. Springer, Heidelberg (2001)
Chen, L., Harrison, K., Moss, A., Soldera, D., Smart, N.P.: Certification of Public Keys within an Identity Based System. In: Proc. 8th ACM Conference on Computer and Communications Security. LNCS, pp. 332–333. Springer, Heidelberg (2002)
Cocks, C.: An Identity Based Encryption Scheme based on Quadratic Residues. Technical report, Communications Electronics Security Group (CESG), UK (2001)
TCPA: Trusted Computing Platform Alliance Main Specification v1.1 (2001), http://www.trustedcomputing.org
Beres, Y., Dalton, C.I.: Dynamic Label Binding at Runtime. In: Proceeding of New Security Paradigms Workshop (August 2003)
W3C: The Platform for Privacy Preferences 1.0 specification, P3P 1.0 (2002), http://www.w3.org/tr/p3p
Liberty Alliance: Liberty Alliance Project (2002), http://www.projectliberty.org/
Microsoft: Microsoft. .NET Passport (2002), http://www.microsoft.com/netservices/passport/
Karjoth, G., Hunter, M.: Privacy Policy Model for Enterprises, IBM Research, Zurich. In: 15th IEEE Computer Foundations Workshop (2002)
Karjoth, G., Schunter, M., Waidner, M.: Platform for Enterprise Privacy Practices: Privacy-enabled Management of Customer Data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003)
Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language (EPAL). Technical report, IBM (2003)
Pearson, S.: A Trusted Mechanism for User Self-Profiling in E-Commerce. Selected Papers from Special Track on Privacy and Protection with Multi-Agent Systems, LNAI journal, Springer (2003)
Pearson, S. (ed.): Trusted Computing Platforms. Prentice-Hall, Englewood Cliffs (2002)
Housley, R., Ford, W., Polk, W., Solo, D.: RFC2459: Internet X.509 Public Key Infrastructure Certificate and CRL profile. Technical report, IETF (1999)
Casassa Mont, M., Baldwin, A., Goh, C.: POWER Prototype: Towards Integrated Policy-based Management. In: NOMS 2000 (2000)
Microsoft: Microsoft NGSCB: Next Generation Secure Computing Base, Technical FAQ (2003)
Casassa Mont, M., Brown, R.: PASTELS project: Trust Management, Monitoring and Policy-driven Authorization Framework for E-Services in an Internet based B2B environment. Technical report, HP Labs, HPL-2001-28 (2001)
Baldwin, A., Shiu, S.: Enabling Shared Audit Data. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 14–28. Springer, Heidelberg (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mont, M.C., Pearson, S., Bramhall, P. (2003). Towards Accountable Management of Privacy and Identity Information. In: Snekkenes, E., Gollmann, D. (eds) Computer Security – ESORICS 2003. ESORICS 2003. Lecture Notes in Computer Science, vol 2808. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39650-5_9
Download citation
DOI: https://doi.org/10.1007/978-3-540-39650-5_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20300-1
Online ISBN: 978-3-540-39650-5
eBook Packages: Springer Book Archive