Safeguarding Personal Data using Rights Management in Distributed Applications

@inproceedings{Hohl2007SafeguardingPD,
  title={Safeguarding Personal Data using Rights Management in Distributed Applications},
  author={Adolf Hohl and Alf Zugenmaier},
  booktitle={SEC},
  year={2007}
}
Privacy includes the right to determine the use of personal information after it has been released. Some compliance solutions have been proposed already. However, they are usually monolithic systems operating only within one database system or requiring a customized infrastructure. This paper explores the possibility to use an off-the-shelf document rights management platform to enable enforcement of usage policies. First experiences from a building a demonstration application are encouraging. 
A Taxonomy Proposal for Privacy
TLDR
This work presents some of the work on privacy and proposes a taxonomy for privacy, which describes different aspects of privacy in the context of electronic communications.
Security in Pervasive Computing Calling for new Security Principles
TLDR
The paper argues that the continuation of current security practices is not possible and sketches an ideal state in which security is not achieved by prohibiting everything not explicitly allowed, but by monitoring, evidence gathering and reconciliation.
Auswirkungen von Trusted Computing auf die Privatsphäre
Welche Auswirkungen Trusted Computing auf die Privatsphare von Menschen haben wird, lasst sich zum heutigen Zeitpunkt noch nicht abschliesend feststellen. Allerdings konnen aus der Spezifikation, den

References

SHOWING 1-10 OF 18 REFERENCES
Safeguarding Personal Data using Rights Management in Pervasive Computing for Distributed Applications
TLDR
This paper explores the possibility to use a widespread document rights management platform to enable enforcement of usage policies and presents an evaluation which leads to a wish list of what could be improved in therights management platform.
Towards Accountable Management of Privacy and Identity Information
TLDR
A technical solution based on ”sticky” privacy policies and tracing services that leverages Identifier-based Encryption (IBE) along with trusted platform technologies such as TCPA (TCG) and Tagged Operating Systems is introduced.
Extending HP Identity Management Solutions to Enforce Privacy Policies and Obligations for Regulatory Compliance by Enterprises ♦
TLDR
This paper describes issues and requirements related to privacy management as an aspect of improved governance in enterprises and introduces HP Labs work in these areas: core concepts are described along with policy enforcement models and related technologies.
Towards Meeting the Privacy Challenge: Adapting DRM
TLDR
This paper outlines the legal requirements for privacy under the European Union Data Directive, and describes adaptations for transforming a DRM system into a privacy rights management system.
E-P3P privacy policies and privacy authorization
TLDR
The Platform for Enterprise Privacy Practices (E-P3P) defines a fine-grained privacy policy model that enables enterprises to keep their promises and prevent accidental privacy violations.
Privacy Enforcement with HP Select Access for Regulatory Compliance
TLDR
This paper describes work done at HP Labs to address the problem and develop a privacy-aware access control system to enforce privacy policies on personal data by means of flexible, integrated and adaptive solutions.
Towards accountable management of identity and privacy: sticky policies and enforceable tracing services
TLDR
This document describes an innovative approach and related mechanisms to enforce users' privacy by putting users in control and making organizations more accountable that leverages identity-based encryption (IBE) and TCPA technologies.
Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data
TLDR
The Platform for Enterprise Privacy Practices (E-P3P), which defines technology for privacy-enabled management and exchange of customer data, is described, which introduces a viable separation of duty between the three "administrators" of a privacy system.
Privacy-enabled services for enterprises
The IBM Enterprise Privacy Architecture (EPA) is a methodology for enterprises to provide an enhanced and well-defined level of privacy to their customers. EPA is structured in four building blocks.
A Privacy Awareness System for Ubiquitous Computing Environments
TLDR
This work introduces a privacy awareness system targeted at ubiquitous computing environments that allows data collectors to both announce and implement data usage policies, as well as providing data subjects with technical means to keep track of their personal information as it is stored, used, and possibly removed from the system.
...
...