requirements study I (original) (raw)
Related papers
Policy extension for data access control
2010 6th IEEE Workshop on Secure Network Protocols, 2010
In this paper, we propose a security framework, looking at different policies for data access control in the mobile environments. We have started with extending the Platform for Privacy Preferences (P3P) policy for controlling the data access. The aim is to modify the P3P policy and to use it in the security capsule of a mobile handset. The service provider can publish the P3P policy in the WebServices and request the mobile client for the user preferences. With the introduction of P3P policy into the mobile device the access to the data is controlled including user preferences and identity mapping. Service provider data will always be encrypted and successful decryption will be a big challenge.
Policy Specification and Enforcement for Smart ID Cards Deployment
2008 IEEE Workshop on Policies for Distributed Systems and Networks, 2008
Deployment of Smart Cards for Identity Verification requires collection of credentials and provisioning of credentials from and to heterogeneous and sometimes legacy systems. To facilitate this process, a centralized identity store called Identity Management System (IDMS) is often used. To protect the integrity, confidentiality and privacy of the credential data that is collected, stored and disseminated through IDMS, a sophisticated set of policies governing data flows, processing and distribution are required. In this paper, we present a policy specification and enforcement framework using XML, XML Schemas and XSLT that was developed for secure management of the infrastructure system used for a large scale smart ID card deployment.
Enabling user privacy in identity management systems
2010 IEEE International Conference on Information Theory and Information Security, 2010
(Royaume-Uni) Commentaire [ML1]: J'ai homogénéisé en fonction du format pour ICITIS Mis en forme : Police :(Par défaut) Times New Roman, Anglais (Royaume-Uni) Mis en forme : Police :(Par défaut) Times New Roman Mis en forme : Police :(Par défaut) Times New Roman, Anglais (Royaume-Uni) Mis en forme : Allemand (Allemagne) Mis en forme : Anglais (Royaume-Uni) Code de champ modifié Mis en forme : Anglais (Royaume-Uni) Mis en forme : Anglais (Royaume-Uni) Mis en forme : Français (France) Mis en forme : Anglais (Royaume-Uni) Code de champ modifié Mis en forme : Français (France)
Personalized Security in Mobile Environments Using Software Policies
2011
With the advance of technology and the widespread of mobile devices that enable users to have access to a wide range of services wherever they are, and whenever they want, many security issues arise. Both users and service providers feel the need to protect themselves from the large number of threats that are present on every network. Some time ago, users could have access to services only if they were physically present in a certain, predefined, area. This gave a lot of user personal information to the service providers which helped them secure their systems and their transactions with users. Now, it is not anymore the case. Therefore, the need arose for a novel way, for mobile users and service providers, to secure their information and their transactions. In this paper, we show that combining software policies and context information provides users and service providers with confidentiality, data integrity, data availability, and accountability. Keywordsmobility; security; softwa...
Enabling user control with personal identity management
2007
Abstract Being proactive and vigilant is the best defense against identity theft and the invasion of privacy. This recurrent advice from the public broadcasting attests that security breaches can happen and no identity management system can provide full-proof security. The challenge is even greater in service-oriented architectures where each user has their identities scattered across many services and has no control over management of those identities.
39 omputer systems play an increasingly prominent role in our daily lives. Interacting with these systems often involves disclosing personal data—data that can be traced back to particular individuals, collected in different contexts. For example, healthcare providers, insurance companies, and tax offices collect personal data explicitly. The use of credit or loyalty cards, as well as Internet shopping, leave implicitly created digital footprints. So does the use of mobile phones (traffic data) and the coming generation of motor vehicles (location data and sensed driving behavior). Moreover, public security concerns have led to increased monitoring of public spaces where personal data (images and contexts) is gathered without direct interaction with computerized services. The looming reality of ubiquitous computing will further increase the amount of personal data collected, and enhanced network capabilities give rise to potentially uncontrolled distribution. Using a server-side arc...
A prototype for defining and enforcing privacy policies
Report, Norwegian Computing …
Knowledge of the location of a person's mobile phone can be used by service providers to tailor better services for their customers, and can generate new business opportunities. To make use of this information, the privacy of the users needs to be enforced. Information about a person's location is private information, and a key question is: "Who should have access to what location information under which circumstances?"
An advanced policy based authorisation infrastructure
2009
The version in the Kent Academic Repository may differ from the final published version. Users are advised to check http://kar.kent.ac.uk for the status of the paper. Users should always cite the published version of record.