Article

Privacy and identity management for everyone

Authors:

Simone Fischer-Hübner,

Henry Krasemann,

Gérard Lacoste,

Jimmy TsengAuthors Info & Claims

DIM '05: Proceedings of the 2005 workshop on Digital identity management

Pages 20 - 27

https://doi.org/10.1145/1102486.1102491

Published: 11 November 2005 Publication History

Abstract

The shift from a paper-based to an electronic-based society has dramatically reduced the cost of collecting, storing and processing individuals' personal information. As a result, it is becoming more common for businesses to "profile" individuals in order to present more personalized offers as part of their business strategy. While such profiles can be helpful and improve efficiency, they can also govern opaque decisions about an individual's access to services such as credit or an employment position. In many cases, profiling of personal data is done without the consent of the target individual.In the past decade, the European Union and its member states have implemented a legal framework to provide guidance on processing of personal data with the specific aim to restore the citizens' control over their data. To complement the legal framework, the prime (Privacy and Identity Management for Europe) project [14] has implemented a technical framework for processing personal data. prime's vision is to give individuals sovereignty over their personal data so that:

Individuals can limit the information collected about them by using pseudo-identities, certifications and cryptography when performing online transactions,

Individuals can negotiate legally-binding "privacy policies" with their service providers that govern how disclosed personal data can be used and which precautions must be taken to safeguard it, and

Individuals and service providers can use automated mechanisms to manage their personal data and their obligations towards data which they have collected from other parties.

To accomplish this, the prime project has designed and implemented a practical system-level solution which incorporates novel cryptographic protocols, sophisticated security protocols, and artificial intelligence algorithms. This paper describes the architecture of this system. Most key features of this architecture have been implemented in a proof-of-concept prototype.

References

[1]

Backes, M., Camenisch, J., and Sommer, D. Anonymous yet accountable access control. In Proceedings of the Workshop on Privacy in the Electronic Society 2005/ (2005).]]

Digital Library

[2]

Berners-Lee, T., Fielding, R., and Masinter, L. Uniform Resource Identifier (URI): Generic Syntax. RFC 3986 (Standard), Jan. 2005.]]

[3]

Bonatti, P., and Samarati, P. Regulating service access and information release on the web. In CCS '00: Proceedings of the 7th ACM conference on Computer and communications security/ (New York, NY, USA, 2000), ACM Press, pp. 134--143.]]

Digital Library

[4]

Bonatti, P. A., and Samarati, P. A uniform framework for regulating service access and information release on the web. J. Comput. Secur. 10, 3 (2002), 241--271.]]

Digital Library

[5]

Camenisch, J. Protecting (anonymous) credentials with the trusted computing group's trusted platform modules v1.2. Tech. rep., IBM Research, Jan. 2005.]]

[6]

Camenisch, J., and Lysyanskaya, A. Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. In Advances in Cryptology --- EUROCRYPT 2001 (2001), B. Pfitzmann, Ed., vol.~2045 of LNCS, Springer Verlag, pp.~93--118.]]

Digital Library

[7]

Camenisch, J., Sommer, D., and Zimmermann, R. A general certification framework with applications to privacy-enhancing certificate infrastructures. Tech. Rep. RZ 3629, IBM Zurich Research Laboratory, July 2005.]]

[8]

Casassa Mont, M. Dealing with privacy obligations: Important aspects and technical approaches. In TrustBus 2004 (2004), pp.~120--131.]]

[9]

Casassa Mont, M. Dealing with privacy obligations in enterprises. In ISSE (2004).]]

[10]

Chaum, D. Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM 28, 10 (Oct. 1985), 1030--1044.]]

Digital Library

[11]

Dean, M., and Schreiber, G. OWL web ontology language reference. W3C Recommendation.]]

[12]

Farrell, S., and Housley, R. An Internet Attribute Certificate Profile for Authorization. RFC 3281 (Proposed Standard), Apr. 2002.]]

Digital Library

[13]

Goldschlag, D. M., Reed, M. G., and Syverson, P. F. Onion routing for anonymous and private internet connections. Communications of the ACM 42, 2 (Feb. 1999), 84--88.]]

Digital Library

[14]

Hansen, M., and Krasemann, H. Prime whitepaper. Whitepaper, 18 July 2005. http://www.prime-project.eu.org/prime/public/press_room/whitepaper/PRIME-Whitepaper-V1.pdf.]]

[15]

Housley, R., Polk, W., Ford, W., and Solo, D. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 3280 (Proposed Standard), Apr. 2002.]]

Digital Library

[16]

Lysyanskaya, A., Rivest, R., Sahai, A., and Wolf, S. Pseudonym systems. In Selected Areas in Cryptography/ (1999), H. Heys and C. Adams, Eds., vol. 1758 of LNCS, Springer Verlag.]]

Digital Library

[17]

Manola, F., and Miller, E. RDF primer. W3C Recommendation.]]

[18]

Reiter, M. K., and Rubin, A. D. Crowds: anonymity for web transactions. ACM Trans. Inf. Syst. Secur. 1, 1 (1998), 66--92.]]

Digital Library

[19]

Saita, A. Cardsystems admits stolen data violated policy. SearchSecurity.com, 21 June 2005. http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1099932,00.html.]]

[20]

Turow, J., Feldman, L., and Meltzer, K. Open to exploitation: American shoppers online and offline. Tech. rep., Annenberg Public Policy Center, University of Pennsylvania, June 2005. http://www.annenbergpublicpolicycenter.org/04_info_society/Turow_APPC_Report_WEB_FINAL.pdf.]]

Cited By

Demertzi VDemertzis SDemertzis K(2023)An Overview of Privacy Dimensions on the Industrial Internet of Things (IIoT)Algorithms10.3390/a1608037816:8(378)Online publication date: 6-Aug-2023
https://doi.org/10.3390/a16080378
Kareem YJahankhani H(2023)Development of a Decentralized Personal Indefinable Information (PII) Management Systems Using Blockchain dBFT Consensus AlgorithmAI, Blockchain and Self-Sovereign Identity in Higher Education10.1007/978-3-031-33627-0_8(167-191)Online publication date: 23-Jun-2023
https://doi.org/10.1007/978-3-031-33627-0_8
K. JR. B(2021)An Extensive Survey of Privacy in the Internet of ThingsIoT Protocols and Applications for Improving Industry, Environment, and Society10.4018/978-1-7998-6463-9.ch004(78-100)Online publication date: 2021
https://doi.org/10.4018/978-1-7998-6463-9.ch004
Show More Cited By

Index Terms

Privacy and identity management for everyone
1. Information systems
  1. Information systems applications

Recommendations

Privacy enhancing identity management: protection against re-identification and profiling
DIM '05: Proceedings of the 2005 workshop on Digital identity management

User centric identity management will be necessary to protect user's privacy in an electronic society. However, designing such systems is a complex task, as the expectations of the different parties involved in electronic transactions have to be met. In ...
Privacy requirements in identity management solutions
Proceedings of the 2007 conference on Human interface: Part II

In this paper we highlight the need for privacy of user data used in digital identity management systems. We investigate the issues from the individual, business, and government perspectives. We provide surveys related to the growing problem of identity ...
Criteria for Evaluating the Privacy Protection Level of Identity Management Services
SECURWARE '09: Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies

Identity Management is the one of web services that manages the digital identity and the personally identifiable information of the user who subscribed for various web services in Internet. It was developed to provide user with an easy way to use and ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

DIM '05: Proceedings of the 2005 workshop on Digital identity management

November 2005

120 pages

ISBN:1595932321

DOI:10.1145/1102486

General Chair:
Vijay Atluri
Rurgers University
,
Program Chairs:
Pierangela Samarati
Universita' degli Studi di Milano, Italy
,
Atsuhiro Goto
NTT, Japan

Copyright © 2005 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 November 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS05

Sponsor:

CCS05: 12th ACM Conference on Computer and Communications Security 2005

November 11, 2005

VA, Fairfax, USA

Acceptance Rates

Overall Acceptance Rate 16 of 34 submissions, 47%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

57
Total Citations
View Citations
2,509
Total Downloads

Downloads (Last 12 months)69
Downloads (Last 6 weeks)11

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Demertzi VDemertzis SDemertzis K(2023)An Overview of Privacy Dimensions on the Industrial Internet of Things (IIoT)Algorithms10.3390/a1608037816:8(378)Online publication date: 6-Aug-2023
https://doi.org/10.3390/a16080378
Kareem YJahankhani H(2023)Development of a Decentralized Personal Indefinable Information (PII) Management Systems Using Blockchain dBFT Consensus AlgorithmAI, Blockchain and Self-Sovereign Identity in Higher Education10.1007/978-3-031-33627-0_8(167-191)Online publication date: 23-Jun-2023
https://doi.org/10.1007/978-3-031-33627-0_8
K. JR. B(2021)An Extensive Survey of Privacy in the Internet of ThingsIoT Protocols and Applications for Improving Industry, Environment, and Society10.4018/978-1-7998-6463-9.ch004(78-100)Online publication date: 2021
https://doi.org/10.4018/978-1-7998-6463-9.ch004
Pal SPal S(2021)Modeling and Management of IdentityInternet of Things and Access Control10.1007/978-3-030-64998-2_5(123-142)Online publication date: 28-Jan-2021
https://doi.org/10.1007/978-3-030-64998-2_5
Shehu APinto ACorreia M(2019)Privacy Preservation and Mandate Representation in Identity Management Systems2019 14th Iberian Conference on Information Systems and Technologies (CISTI)10.23919/CISTI.2019.8760690(1-6)Online publication date: Jun-2019
https://doi.org/10.23919/CISTI.2019.8760690
Spiekermann SKorunovska JLangheinrich M(2019)Inside the Organization: Why Privacy and Security Engineering Is a Challenge for EngineersProceedings of the IEEE10.1109/JPROC.2018.2866769107:3(600-615)Online publication date: Mar-2019
https://doi.org/10.1109/JPROC.2018.2866769
Bednar KSpiekermann SLangheinrich M(2019)Engineering Privacy by Design: Are engineers ready to live up to the challenge?The Information Society10.1080/01972243.2019.158329635:3(122-142)Online publication date: 22-Mar-2019
https://doi.org/10.1080/01972243.2019.1583296
Pal SHitchens MVaradharajan V(2018)Modeling Identity for the Internet of Things: Survey, Classification and Trends2018 12th International Conference on Sensing Technology (ICST)10.1109/ICSensT.2018.8603595(45-51)Online publication date: Dec-2018
https://doi.org/10.1109/ICSensT.2018.8603595
Asghar MBackes MSimeonovski M(2018)PRIMA: Privacy-Preserving Identity and Access Management at Internet-Scale2018 IEEE International Conference on Communications (ICC)10.1109/ICC.2018.8422732(1-6)Online publication date: May-2018
https://doi.org/10.1109/ICC.2018.8422732
Ribeiro CLeitold HEsposito SMitzam D(2018)STORKInternational Journal of Information Security10.1007/s10207-017-0385-x17:5(569-585)Online publication date: 1-Oct-2018
https://dl.acm.org/doi/10.1007/s10207-017-0385-x
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents