Security without identification: transaction systems to make big brother obsolete
Communications of the ACM
Crowds: anonymity for Web transactions
ACM Transactions on Information and System Security (TISSEC)
Communications of the ACM
Regulating service access and information release on the Web
Proceedings of the 7th ACM conference on Computer and communications security
A uniform framework for regulating service access and information release on the web
Journal of Computer Security
Anonymous yet accountable access control
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Context-aware privacy protection with profile management
WMASH '06 Proceedings of the 4th international workshop on Wireless mobile applications and services on WLAN hotspots
Notarized federated ID management and authentication
Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
A Trusted Approach to E-Commerce
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Obligations: Building a Bridge between Personal and Enterprise Privacy in Pervasive Computing
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Adoption of mobile Location-Based Services with Zaltman Metaphor Elicitation Techniques
International Journal of Mobile Communications
Towards the development of privacy-aware systems
Information and Software Technology
Interoperability of E-Government Information Systems: Issues of Identification and Data Sharing
Journal of Management Information Systems
A user-centric federated single sign-on system
Journal of Network and Computer Applications
Privacy-aware identity management for client-side mashup applications
Proceedings of the 5th ACM workshop on Digital identity management
Fine-Grained Recommendation Systems for Service Attribute Exchange
ICSOC-ServiceWave '09 Proceedings of the 7th International Joint Conference on Service-Oriented Computing
StemCerts-2: pairs of X.509 v3 certificates for greater security, flexibility and convenience
CCNC'09 Proceedings of the 6th IEEE Conference on Consumer Communications and Networking Conference
A secure data repository for semantic federation of product information
Proceedings of the 11th International Conference on Information Integration and Web-based Applications & Services
A framework for the lived experience of identity
Identity in the Information Society
User-centric identity management using trusted modules
EuroPKI'10 Proceedings of the 7th European conference on Public key infrastructures, services and applications
E-commerce: protecting purchaser privacy to enforce trust
Electronic Commerce Research
Policy-based integration of user and provider-sided identity management
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Towards a similarity metric for comparing machine-readable privacy policies
iNetSec'11 Proceedings of the 2011 IFIP WG 11.4 international conference on Open Problems in Network Security
Role-and relationship-based identity management for privacy-enhanced E-Iearning
International Journal of Artificial Intelligence in Education
Identity, location, disease and more: inferring your secrets from android public resources
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
| Hi-index | 0.00 |
The shift from a paper-based to an electronic-based society has dramatically reduced the cost of collecting, storing and processing individuals' personal information. As a result, it is becoming more common for businesses to "profile" individuals in order to present more personalized offers as part of their business strategy. While such profiles can be helpful and improve efficiency, they can also govern opaque decisions about an individual's access to services such as credit or an employment position. In many cases, profiling of personal data is done without the consent of the target individual.In the past decade, the European Union and its member states have implemented a legal framework to provide guidance on processing of personal data with the specific aim to restore the citizens' control over their data. To complement the legal framework, the prime (Privacy and Identity Management for Europe) project [14] has implemented a technical framework for processing personal data. prime's vision is to give individuals sovereignty over their personal data so that:Individuals can limit the information collected about them by using pseudo-identities, certifications and cryptography when performing online transactions,Individuals can negotiate legally-binding "privacy policies" with their service providers that govern how disclosed personal data can be used and which precautions must be taken to safeguard it, andIndividuals and service providers can use automated mechanisms to manage their personal data and their obligations towards data which they have collected from other parties.To accomplish this, the prime project has designed and implemented a practical system-level solution which incorporates novel cryptographic protocols, sophisticated security protocols, and artificial intelligence algorithms. This paper describes the architecture of this system. Most key features of this architecture have been implemented in a proof-of-concept prototype.