Information about individuals is currently maintained in many thousands of databases, with much of that information, such as name and address, replicated across multiple databases. However, this proliferation of personal information raises issues of privacy for the individual, as well as maintenance issues in terms of the accuracy of the information. Ideally, each individual would own, maintain and control his personal information, allowing access to those who needed it at the time it was needed. Organizations would contact the individual directly to obtain information, therefore being assured of using current and correct information.

While research has been performed on users owning and controlling access to their personal information in an electronic commerce environment, we argue that this concept should be extended to all user information including, for example, medical and financial information. The end goal is not for users to simply maintain copies of this information, but to be the source of this information.

This paper presents the concept of users owning their personal information and introduces some of the issues involved in users being able to control access to this information. The security requirements, including authentication, access control and audit, as well as user interfaces and trust, for this new paradigm are given particular emphasis.