Digital Privacy: PRIME - Privacy and Identity Management for Europe (Lecture Notes in Computer Science, 6545)
Jan Camenisch, Ronald Leenes, Marit Hansen, Jan Schallaböck (auth.), Jan Camenisch, Ronald Leenes, Dieter Sommer (eds.) Springer-Verlag Berlin Heidelberg, Lecture Notes in Computer Science, Lecture Notes in Computer Science 6545 State-of-the-art survey, 1, 2011
English [en] · PDF · 14.8MB · 2011 · 📘 Book (non-fiction) · 🚀/lgli/lgrs/nexusstc/scihub/upload/zlib
Description
This book documents the R&D outcome of the PRIME Project, an R&D project partially funded by the European Union's Sixth Framework Programme and the Swiss Federal Office for Education and Science. PRIME has focused on privacy-enhancing identity management techniques and systems to support users' sovereignty over their personal privacy and enterprises' privacy-compliant data processing. During the course of four years, the project has involved over a hundred researchers and professionals from 22 major European academic and industrial organizations conducting R&D work in areas relevant to digital privacy. The book presents 28 detailed chapters organized in five parts:
- Introductory summary
- Legal, social, and economic aspects
- Realization of privacy-enhancing user-centric identity management
- Exploitation of PRIME results for applications
- Conclusions drawn and an outlook on future work
As the first coherent presentation of the topic, this book will serve as a valuable source of reference and inspiration for anybody working on digital privacy.
Alternative filename
upload/misc_2025_10/IXKXcI5mZnjhFnLAUPaa/E-Books/computer/security/9783642190490_digital_privacy_3b1a.pdf
Alternative filename
nexusstc/Digital Privacy/50df025b6ddf8f710dc098e3efccd97d.pdf
Alternative filename
lgli/_396669.50df025b6ddf8f710dc098e3efccd97d.pdf
Alternative filename
lgrsnf/_396669.50df025b6ddf8f710dc098e3efccd97d.pdf
Alternative filename
scihub/10.1007/978-3-642-19050-6.pdf
Alternative filename
zlib/Business & Economics/Management & Leadership/Jan Camenisch, Ronald Leenes, Marit Hansen, Jan Schallaböck (auth.), Jan Camenisch, Ronald Leenes, Dieter Sommer (eds.)/Digital Privacy: PRIME - Privacy and Identity Management for Europe_1104853.pdf
Alternative author
Camenisch, Jan (edt); Leenes, Ronald (edt); Sommer, Dieter (edt)
Alternative author
edited by Jan Camenisch, Ronald Leenes, Dieter Sommer
Alternative publisher
Spektrum Akademischer Verlag. in Springer-Verlag GmbH
Alternative publisher
Springer Berlin Heidelberg : Imprint: Springer
Alternative publisher
Steinkopff. in Springer-Verlag GmbH
Alternative publisher
Springer Nature
Alternative edition
Lecture Notes in Computer Science -- 6545, Berlin, Heidelberg, Germany, 2011
Alternative edition
Security and Cryptology, 6545, 1st ed. 2011, Berlin, Heidelberg, 2011
Alternative edition
Lecture notes in computer science, 6545, Berlin ; New York, ©2011
Alternative edition
Springer Nature, Berlin, Heidelberg, 2011
Alternative edition
Germany, Germany
Alternative edition
2011, PS, 2011
Alternative edition
1, 20110412
Metadata comments
until 2011-08
Metadata comments
sm21563581
Metadata comments
{"container_title":"Lecture Notes in Computer Science","edition":"1","isbns":["3642190499","3642190502","9783642190490","9783642190506"],"issns":["0302-9743","1611-3349"],"last_page":800,"publisher":"Springer","series":"Lecture Notes in Computer Science 6545 State-of-the-art survey"}
Metadata comments
MiU
Alternative description
3642190499,9783642190490
Springer 2011
Cover 1
Lecture Notes in Computer Science 6545 2
Digital Privacy 4
ISBN 9783642190490 5
Foreword 6
Preface 8
Contents 16
Part I: Privacy and Identity Management 32
1 An Introduction to Privacy-Enhancing Identity Management 34
Motivation 35
A Scenario – Alice Goes Shopping 37
PRIME Enabled Shopping 38
Phase 1: Buyer Beware 39
Phase 2: Pre-sales — Starting from Maximum Privacy 40
Phase 3: Ordering — Informed Consent and Purpose Limitation 41
Phase 4: After-Sales and Delivery — Retaining Control: Policy Enforcement 44
Phase 5: Customer Relationship — Building the Relationship 45
Phase 6: Beyond Being a Connoisseur — Alice's Other Identities 46
The Bigger Picture 48
Concepts and Human-Computer Interaction 49
Public Awareness 49
Economics 50
Reaching Out 51
Requirements for Identity Management Systems 51
Part II: Setting the Stage 53
2 Overview and Introduction Part II 54
Introduction 54
An Approach from Three Perspectives 56
Structure Part II 57
3 The Identity Landscape 59
Introduction 59
The Concept of (Online) Identity 60
Asymmetric Perspectives 61
The Enterprise-Centric View on Identity Management 61
A User-Centric View on Identity Management 62
Combining the Perspectives 63
Evolving Identity Management Systems 64
Existing Identity Management Applications 66
Microsoft Passport 66
Liberty Alliance 67
OpenID 68
Microsoft Cardspace 68
Other IdM Systems 69
Complicating the Online Identity Landscape 69
The Internet as a Social Environment 70
Customer Empowerment 70
Identity-Related Crime and Misbehaviour 71
The Expanding Internet: Always-On and Everywhere 72
The Internet of Things and the Citizens of Tomorrow 73
Identifying the Individual in the Era of the Internet of Things 74
Conclusion 76
4 The Need for Privacy-Enhancing Identity Management 78
Introduction 78
Individual Perspective 79
Power Imbalance 80
Relations 82
Personal Development 83
Behaviour, Health, and Emotions 84
Organisational Perspective 85
Business 85
Government Services 88
Societal Perspective 89
The Determination of Privacy in Social Context 90
The Contribution of Privacy-Enhanced IdM to Society 91
Conclusion 95
5 Regulating Identity Management 97
Introduction 97
A Brief History of European Data Protection Regulation 98
The EU Data Protection Directive 100
The ePrivacy Directive 102
Other Relevant Directives 103
Principles of Data Processing 103
Principles on Processing of Personal Data 104
Rights of the Data Subject 107
Specific Requirements for Electronic Communications Systems or Applications 109
Applicability Issues of the Current Legal Framework 110
An Old Directive for New Technologies 110
The Role of the ePrivacy Directive with Regard to the Challenges Posed by New Technologies 111
Conclusion 113
6 User-Centric Privacy-Enhancing Identity Management 114
Introduction 114
Sources of the User-Perspective Requirements 115
Audience Segregation 115
User Control 117
Adoption of Privacy-Enhanced IdM in Society 125
Conclusions 128
7 Privacy-Enhancing Identity Management in Business 130
Introduction 130
Business Model for Privacy Enhancement 131
Privacy Adoption Drivers 131
Process Maturity for Privacy 136
Risk Analysis for Data Privacy 143
Privacy Impact on Business Process Design 145
Cost Benefit Analysis of Privacy 147
Requirements from a Business Perspective 150
Conclusion 152
Part III: What Technology Can Do for Privacy and How 153
8 Introduction: Privacy, Trust, and Identity Management 154
Trust 155
Analysis of Trust 156
Establishing Trust and Managing Privacy 157
Understanding Trust 157
Structure 160
9 Architecture 163
Introduction 163
Motivation and Goals 163
Realizing the Goals: Technology 165
Related Work 168
Outline 170
Architecture Overview 170
One Party in the System 170
Parties and Interactions 171
Data 175
Components 182
Data Model 185
Identity 186
Constants 188
Formulae in First-Order Logic 188
Predicates 189
Connectives 189
Subject 190
Identifier Objects 191
Certification Metadata 193
Conditional Release 194
Anonymity Revocation 196
Typing 196
Automated Reasoning 200
Requests of Data 203
Matching Data against Requests 206
Further Discussion 208
Data Representation Based on Our Model 211
Identifier Relationships 212
Identity Relationships 213
Data Track 218
Profile Data 220
Data Statements and Requests 221
Identity Management Concepts 222
Partial Identities 222
Data Exchange Architecture 224
Roles in an Attribute Exchange Scenario 226
Private Certificate Systems 227
High-Level Architecture 228
Component Interface 229
Components 246
Aspects of System Architecture 249
Authorization Policies 254
Paradigms of Authorization Systems 254
Our Approach 255
Language Basics 256
Language Extensions 257
Rule Composition 263
Associating Policies with Resources 264
Architectural Integration 270
Data Handling Policies 272
Model 272
Association of Policies with Data 276
Policy Negotiation 279
Concrete Realization in the PRIME Prototype 282
Negotiation – Exchange of Data 283
Overview 284
Negotiation Model 286
Policy-Driven Negotiation 288
A Round of Negotiation 289
Conclusions 297
Key Contributions 297
Experience 298
10 Pseudonyms and Private Credentials 301
Introduction 301
The Idemix Private Credential System 302
Basic Principles of Strong Authentication 302
Balancing Anonymity and Accountability 303
The Idemix System 304
Required Properties When Showing a Certificate 304
Cryptographic Primitives 306
Cryptography for the Controlled Release of Certified Data 309
Building Applications Using Idemix 312
An Anonymous Credential System 312
Anonymity Revocation 314
Balancing Anonymity and Accountability Using e-Cash Techniques 315
Application Scenarios 317
Historical Notes 320
11 Privacy Models and Languages: Access Control and Data Handling Policies 321
Introduction 321
Privacy Policy Categories 322
Scenario 323
Access Control Model and Language 325
Basic Concepts 325
Functionalities 327
Description of the Access Control Language 328
Data Handling Model and Language 332
Description of the Data Handling Language 334
Related Work 338
Conclusions 341
12 Privacy Models and Languages: Obligation Policies 342
Introduction to Privacy Obligation Policies 342
Analysis of Privacy Obligations 343
Requirements and Constraints 347
Model of Privacy Obligations 350
Conceptual View 351
Formal View 352
Operational View 353
Relationships with AC/DHP Policies 356
Privacy Obligation Policies: Language 357
Parametric Obligation Policies 363
Parametric Obligation Policies: Model 364
Parametric Obligation Policies: Reference Scenario 366
Parametric Obligation Policies: Language 366
Discussion 372
Next Steps and Future R&D Work 372
13 Privacy Models and Languages: Assurance Checking Policies 373
Introduction 373
Principles 374
Natural Language Examples 374
Overview of Different Potential Approaches 375
Defining Trust Constraints: A Lower Level Representation 375
Defining Clauses as First Class Objects: A Higher-Level Representation 378
Conceptual View 378
Examples of Clauses 380
Formal View 381
Operational View 381
Representation of Assurance Policies in XML Format 382
Analysis 383
Next Steps and Future R&D Work 385
14 Privacy-Aware Access Control System: Evaluation and Decision 386
Introduction 386
Interplay between Parties 388
A Privacy-Aware Access Control Architecture 390
Access Control Decision Function 390
Policy Management 392
Policy Evaluation 393
A Privacy-Aware Access Control System Prototype 394
ACDF Prototype 395
PM Prototype 397
Performance Analysis 398
The Evaluation Flow 399
Performance Results 400
Conclusions 403
15 Privacy-Aware Identity Lifecycle Management 405
Privacy-Aware Identity Lifecycle Management: Principles and Concepts 405
Obligation Management Framework 405
Obligation Management System 407
Design Rationale 407
System Architecture 408
Implementation Details 412
Interaction Flow 419
Event Management Framework 421
Data Repository 422
Administration GUI 425
Discussion 429
Scalable Obligation Management System 429
Scalable Obligation Management Framework 429
System Architecture 431
Discussion and Conclusions 434
16 Privacy Assurance Checking 435
Introduction 435
Scenarios Considered 437
How Assurance Checking Fits in with the PRIME Approach 438
Assurance Control Framework: Overview 440
Privacy Compliance Checking System 441
Design Rationale 441
Architecture 441
Key Interfaces 445
Implementation Details 449
Mapping and Capability Validation 451
Description of Protocol 453
Role of Third Parties within the Trust Chain 457
Extension to B2B Scenarios 459
Comparison with Related Work 460
Next Steps and Future R&D Work 463
Conclusions 463
17 Security/Trustworthiness Assessment of Platforms 465
Introduction 465
Assessment of Trust 465
Trust in an Organisation 466
Trust 467
Determining Trustworthiness 467
Summary 470
Assessing the Impact of Computer Systems in Relation to On-Line Trust 470
Analysis of Online Trust 470
How On-Line Trust Is Underpinned by Social and Technological Mechanisms 471
Summary 472
Deploying Trusted Technologies 473
Trusted Computing Technology 473
How Trusted Platforms Can Provide Persistent and Dynamic Trust 474
Summary 476
Use of Trusted Computing to Enhance Privacy 477
Introduction 477
How Trusted Computing Platform Technology Can Enhance Privacy 477
Privacy Enhancing Safeguards of Trusted Computing Technology 478
How Such Building Blocks Can Be Used 480
Potential Negative Privacy Implications of Trusted Computing 482
Concluding Remarks 484
PRIME Platform Trust Manager (PTM) 485
Trust Handler (TH) 488
Trust Real-time Monitor (TRM) 488
Platform Trust Status (PTS) 488
Trust Communicator (TC) 489
Reputation Manager (RM) 490
Trust Wrapper (TW) 490
Reputation Management 490
Objective Reputation Assessment 490
Privacy Preferences and Privacy Obligations 491
Conclusions 491
18 Further Privacy Mechanisms 492
Privacy Measures 492
Formal Methods 494
Persistent Data and Statistical Databases 497
Data-Flow in Networks 499
Generalizations 501
Data Anonymization 509
Introduction 509
Analysis of Some Anonymization Examples in Europe and the USA 511
Requirements for a Suitable Implementation 517
A Generic Anonymization Architecture 522
Implementation 525
Discussion 526
Conclusions 527
Anonymous Communication 528
Scenario 529
Techniques and Approaches 533
Threats in Anonymous Communication 547
Legal Issues 550
Unobservable Content Access 550
Private Information Retrieval and Oblivious Transfer 552
Access Control for Unobservable Services 553
Location-Based Services 554
Conclusion and PRIME Perspective 562
19 Reputation Management as an Extension of Future Identity Management 563
Introduction 563
Model of Reputation Systems 565
Reputation 565
Reputation Network 566
Reputation within BluES'n 569
Characteristics of a Reputation System in the Context of Collaborative eLearning 569
Basic Design of the Reputation System 569
Reputation as Service for PRIME Applications 571
Necessary Infrastructure 571
System Design 572
Outlook 574
20 Human-Computer Interaction 575
Introduction 575
Related Work 576
User-Friendly Representation of Policy Management with the Help of Default Settings 577
Secure Interfaces 577
Mapping Legal Privacy Requirements 578
Mediation of Trust 579
Challenge I: User-Friendly Representation of Complex PET Concepts 579
Simplified Policy Handling 580
UI Paradigms for Presenting Privacy Preferences 583
Challenge II: Secure Interfaces 587
Challenge III: Mapping Legal Privacy Requirements 588
Obtaining Informed Consent 588
Enhancing Transparency 593
Challenge IV: Mediation of Trust 597
Outlook 599
Disclosing Data Using Anonymous Credentials 599
Notification about Incidents 599
Linkability Computation 600
How Ontologies Can Be Utilised for UI Design 600
21 Technology Assurance 602
Introduction 602
Cost of Testing 603
Common Criteria 604
Early Security Validation with CC 604
Evaluation and the Common Criteria 604
Basic Preconditions for an Evaluation 605
Implemented Security Functions 606
Threat Analysis 606
Test Plans 607
The Documentation of the Test Results 608
Evaluation Process 608
Experience with CC-Based Project Evaluation 609
Integrated Prototype 609
LBS Prototype 610
eLearning Prototype 610
Conclusion 612
22 Requirements for Identity Management from the Perspective of Multilateral Interactions 613
Introduction 613
Objective of the Chapter 613
User-Controlled Identity Management: From Chaum to PRIME 614
Collaborative eLearning as example for MLI 615
Multilateral Interactions 615
Stakeholders 615
Building Blocks 617
Pseudonyms and Partial Identities 618
Relationship Information 618
Searching for and Finding of Interaction Partners 619
Trust Management and Reputation 620
Awareness Information 621
Context and History 621
Access Control 622
Negotiation and Enforcement of Privacy Policies and Preferences 623
Workflows and Behaviour Patterns 623
External Regulations 624
Summary and Outlook 625
Overview of Building Blocks 625
Building Blocks in the Model of David Chaum 626
Research Questions 627
Part IV: PRIME Applied 631
23 Introduction 632
24 Collaborative E-Learning 636
The Collaborative eLearning System BluES'n 636
Democratisation of an eLearning Environment 636
Need for Privacy and How PRIME Helps 638
Intra-Application Partitioning of Personal Data 640
Necessity and General Goals 640
Concept for the Support of IAP 641
Realisation within the CeL Prototype 642
Discussion 643
Policy- and Credential-Based Access Control 644
Necessity for Privacy-Enhancing Access Control 644
Realisation within the CeL Prototype 644
Discussion 645
Privacy-Aware and Usable Application Design 646
Management of Aliases 647
Chernoff Faces 648
GUI Components: InfoCenter and Echobar 650
Adapted "Send Personal Data"-Dialogue 651
Summary – The Final CeL Prototype 652
Beyond PRIME – An Outlook 655
25 Location-Based Services 657
Introduction 657
Privacy in Location-Based Services 657
Requirements 659
Business Models 659
Data Protection 660
The Concept of a Location Intermediary 661
Prototype Development 663
PRIME Principles in a Restricted Mobile Environment 664
First Prototype Version 665
Scenario 665
Implementation 665
Second Prototype Version 668
Scenario 668
Implementation 668
Commercialization 670
Possible Deployment 671
Outlook 672
26 e-Health 674
Introduction 674
Definition of "Health" by the World Health Organization (WHO) 675
Continuity of Care and Impact on Individual's Life 675
Health and Lifestyle Management 676
The Self Care Medication Regimen and the Opportunity for Privacy-Enhanced Processes and Services 677
Reference Context for Privacy-Enhanced Process and Service Re-engineering Based on the PRIME Concepts Applied to Self Care Drug Therapy Management 683
A Healthcare Demonstrator: Objectives and Scenario 684
Objectives 684
Scenario 685
Collaboration with Other European Research Initiatives 687
Application Requirements 688
Application Demonstrator Architecture 690
Demonstrator Components 690
Privacy-Enhanced Online Drug Purchase: Information Flow 690
Data Track and Obligations: Ensuring User Control 694
Conclusion 696
27 Airport Security Controls 698
Introduction 698
The Reason behind the Prototype 699
The Trusted Traveler Use Case Scenario 700
Privacy Enhancements 701
Trusted Traveler "Smart Card" and Data Stored Therein 701
The ASC Prototype Stages 702
The Enrollment 702
Check-In 704
Entering the Passenger Restricted Area (PRA) 706
Gate 708
Boarding 709
The Use of Cryptography 710
28 Privacy and Identity Management Requirements: An Application Prototype Perspective 712
Introduction 712
Users' Interests and Requirements 713
Data Minimization 713
Control of Data Flow 716
Easy-to-Use Technology 718
Reliable Service Provision 719
Service Providers' Interests and Requirements 719
Flexible Business Models 720
Customer Loyalty and Trust 720
User Base 720
Trusted Payment Partners 721
Delegation 722
Legal Compliance 722
Network Operators' Interests and Requirements 722
Flexible Business Models 723
Easy Integration of Third-Party Services 723
Legal Compliance 724
Customer Loyalty and Trust 724
Leveraging Existing Infrastructural Assets 724
Enabling New Applications 724
Developer Requirements 724
Documentation 724
Lean Interfaces 725
Integration into Existing Frameworks 725
Conclusion 725
Part V: Conclusion and Outlook 727
29 Conclusion and Outlook 728
Conclusion 728
Outlook 729
Further Research on Identity Management 729
Making Privacy Real 730
Including the Social Value of Privacy 731
Succeeding PRIME 732
Part VI Appendix 734
30 XML Schemata 735
Author Index 740
Alternative description
Front Matter....Pages -
Front Matter....Pages 1-1
An Introduction to Privacy-Enhancing Identity Management....Pages 3-21
Back Matter....Pages 23-23
Front Matter....Pages 25-25
Overview and Introduction Part II....Pages 27-31
The Identity Landscape....Pages 33-51
The Need for Privacy-Enhancing Identity Management....Pages 53-71
Regulating Identity Management....Pages 73-89
User-Centric Privacy-Enhancing Identity Management....Pages 91-106
Privacy-Enhancing Identity Management in Business....Pages 107-129
Back Matter....Pages 131-137
Front Matter....Pages 139-139
Introduction: Privacy, Trust, and Identity Management....Pages 141-149
Architecture....Pages 151-288
Pseudonyms and Private Credentials....Pages 289-308
Privacy Models and Languages: Access Control and Data Handling Policies....Pages 309-329
Privacy Models and Languages: Obligation Policies....Pages 331-361
Privacy Models and Languages: Assurance Checking Policies....Pages 363-375
Privacy-Aware Access Control System: Evaluation and Decision....Pages 377-395
Privacy-Aware Identity Lifecycle Management....Pages 397-426
Privacy Assurance Checking....Pages 427-456
Security/Trustworthiness Assessment of Platforms....Pages 457-483
Further Privacy Mechanisms....Pages 485-555
Reputation Management as an Extension of Future Identity Management....Pages 557-568
Human-Computer Interaction....Pages 569-595
Back Matter....Pages 627-649
Front Matter....Pages 139-139
Technology Assurance....Pages 597-607
Requirements for Identity Management from the Perspective of Multilateral Interactions....Pages 609-626
Back Matter....Pages 627-649
Front Matter....Pages 651-651
Introduction....Pages 653-656
Collaborative E-Learning....Pages 657-677
Location-Based Services....Pages 679-695
e-Health....Pages 697-720
Airport Security Controls....Pages 721-734
Privacy and Identity Management Requirements: An Application Prototype Perspective....Pages 735-749
Back Matter....Pages 751-755
Front Matter....Pages 757-757
Conclusion and Outlook....Pages 759-764
Back Matter....Pages 765-765
Back Matter....Pages -
Date open sourced
2011-08-31