A Privacy Enhancing Mechanism based on Pseudonyms for Identity Protection in Location-Based Services

Over the past years Mobile Business has gained significant progress not only because of higher transfer rates as well as advanced processing power and memory capabilities of networks and mobile devices but also because of novel location-based mobile applications which raise many expectations in the mobile market. As a result network operators start to offer their services to 3rd party application providers which fosters the development of innovative applications. However, today mobile applications are forced to operate in the restricted environment of one network operator which is rather cumbersome for the development of novel location-based mobile applications that need to exchange location data between different network operators, over different countries. In this paper we discuss a system architecture aimed for location-based services that overcomes the aforementioned deficiencies. It uses transaction pseudonyms for the exchange of sensitive data by preserving users privacy and allows the development of novel applications that are operated by 3rd party application providers accessing different network services. We show that the management of identities and pseudonyms allows even roaming users access to different kinds of location-based services.

[1]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[2]  Iris A. Junglas,et al.  A Research Model for Studying Privacy Concerns Pertaining to Location-Based Services , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[3]  Dix Alan,et al.  A lightweight approach to managing privacy in location-based services, Equator-02-058 , 2002 .

[4]  D. Kocaoglu,et al.  Technology management for reshaping the world , 2003, PICMET '03: Portland International Conference on Management of Engineering and Technology Technology Management for Reshaping the World, 2003..

[5]  S. Fischer-h bner IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms , 2001 .

[6]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[7]  George Yee,et al.  Using privacy policies to protect privacy in UBICOMP , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[8]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[9]  Hsing Mei,et al.  Location-based-service roaming based on Web services , 2005, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers).

[10]  Robert R. Harmon,et al.  Location-based services: models for strategy development in M-commerce , 2003, PICMET '03: Portland International Conference on Management of Engineering and Technology Technology Management for Reshaping the World, 2003..

[11]  尚弘 島影 National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[12]  Audun Jøsang,et al.  Trust Requirements in Identity Management , 2005, ACSW.

[13]  Gerlind Wallon,et al.  The law is not enough , 2002, EMBO reports.

[14]  Markulf Kohlweiss,et al.  Privacy for Profitable Location Based Services , 2005, SPC.

[15]  Axel Küpper,et al.  Zone Services - An Approach for Location-Based Data Collection , 2006, The 8th IEEE International Conference on E-Commerce Technology and The 3rd IEEE International Conference on Enterprise Computing, E-Commerce, and E-Services (CEC/EEE'06).

[16]  M. Weiser The Computer for the Twenty-First Century , 1991 .

[17]  A. Jøsang,et al.  User Centric Identity Management , 2005 .

[18]  Sandford Bessler,et al.  A Privacy Enhancement Mechanism for Location Based Service Architectures Using Transaction Pseudonyms , 2005, TrustBus.

[19]  Marco Gruteser,et al.  USENIX Association , 1992 .

[20]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[21]  Yu Zhang,et al.  Preserving User Location Privacy in Mobile Data Management Infrastructures , 2006, Privacy Enhancing Technologies.