Safeguarding Personal Data using Rights Management in Pervasive Computing for Distributed Applications

Privacy includes the right to determine the use of personal information after it has been released. Some compliance solutions have been proposed already. However, they are usually monolithic systems operating only within one database system or requiring a customized infrastructure. This paper explores the possibility to use a widespread document rights management platform to enable enforcement of usage policies. First experiences from a building a demonstration application are encouraging. We present an evaluation which leads to a wish list of what could be improved in the rights management platform.

[1]  Michael Waidner,et al.  Privacy-enabled services for enterprises , 2002, Proceedings. 13th International Workshop on Database and Expert Systems Applications.

[2]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[3]  Ramakrishnan Srikant,et al.  Hippocratic Databases , 2002, VLDB.

[4]  P. Bramhall,et al.  Extending HP Identity Management Solutions to Enforce Privacy Policies and Obligations for Regulatory Compliance by Enterprises ♦ , 2005 .

[5]  Siani Pearson,et al.  Towards accountable management of identity and privacy: sticky policies and enforceable tracing services , 2003, 14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings..

[6]  Paul Ashley,et al.  E-P3P privacy policies and privacy authorization , 2002, WPES '02.

[7]  Marc Langheinrich,et al.  A Privacy Awareness System for Ubiquitous Computing Environments , 2002, UbiComp.

[8]  Ulrich Kohl,et al.  From Social Requirements to Technical Solutions - Bridging the Gap with User-Oriented Data Security , 1995 .

[9]  Lorrie Faith Cranor,et al.  Web Privacy with P3p , 2002 .

[10]  Larry Korba,et al.  Towards Meeting the Privacy Challenge: Adapting DRM , 2002, Digital Rights Management Workshop.

[11]  Gregory D. Abowd,et al.  Security requirements for environmental sensing technology , 2003 .

[12]  Klaus-Peter Löhr,et al.  Entwicklung und Verwaltung von Zugriffsschutz in verteilten Objektsystemen – eine Krankenhausfallstudie , 2003, PIK Prax. Informationsverarbeitung Kommun..

[13]  Michael Waidner,et al.  Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data , 2002, Privacy Enhancing Technologies.

[14]  Marco Casassa Mont,et al.  Privacy Enforcement with HP Select Access for Regulatory Compliance , 2005 .

[15]  Frank Stajano Will your digital butlers betray you? , 2004, WPES '04.