SlideShare a Scribd company logo

Privacy in Business Processes by Identity Management

S
Sven Wohlgemuth

Enterprises and governmental agencies process personal data of their clients for, e.g., personalised services and to get access to services as a proxy for them. By the Directives 95/46/EC and 2002/58/EC, the EC has defined data protection and security principles in order to regulate the processing of personal data. User centric identity management empowers clients in controlling the disclosure of their personal data to organisations. For information chains as found in multi-staged processes identity management may lead to a big-brother phenomenon. Clients have to trust organisations that they process personal data according to their privacy and security policies, along the chain of participating parties. This workshop aims at these challenges and discusses first approaches for privacy enhancing technologies (PET) and their use in current and future business and governmental process models. The workshop itself will be jointly organised by the IST FP6 projects FIDIS and PRIME.

Internet
1 of 8
Download to read offline
PrivacyPrivacy in Businessin Business ProcessesProcesses byby IdentityIdentity ManagementManagement IST 2006, Helsinki, November 23IST 2006, Helsinki, November 23rdrd, 2006, 2006 Sven Wohlgemuth Prof. Dr. Günter Müller Albert-Ludwig University of Freiburg, Germany Institute of Computer Science and Social Studies Department of Telematics http://www.telematik.uni-freiburg.de
http://www.telematik.uni-freiburg.de 2Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> IIG Telematics Prof. Dr. Günter Müller Computer science (7 assistants) Privacy & security E-Commerce Economics (7 assistants) • iManager: Security and usability by identity management (CeBIT 2003, doIT Software-Award 2003) • Int. Conference on Emerging Trends in Information and Communication Security (ETRICS) 2006 • Editor of CACM special issue “Privacy and Security in Highly Dynamic Systems”, Sept. 2006 • Electronic Commerce Enquête 2005: Use of IT in German enterprises • Coordination of German Priority Programme “Security in the Information and Communication Technology” • Coordination of FIDIS NoE work package “Privacy in Business Processes”
http://www.telematik.uni-freiburg.de 3Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> 43,6% 37,3% 34,4% 34,2% 22,6% 20,9% 44,3% 46,8% 49,8% 47,7% 56,7% 58,4% 12,0% 16,0% 15,8% 18,1% 20,7% 20,7% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% no medium high Costly integration in processes Expected neg. reaction since privacy violation Doubts wrt. data protection laws Low customer acceptance Other legal doubts Pot. loss of reputation http://www.telematik.uni-freiburg.de/ece.php SurveySurvey forfor Germany (ECE IV)Germany (ECE IV) MostMost ImportantImportant BarriersBarriers forfor PersonalizedPersonalized ServicesServices
http://www.telematik.uni-freiburg.de 4Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> I want a car Car Service 1 Service 2 Challenge: User-controlled disclosure of personal data I need money Money Profile 1 Profile 2 Jendricke, U., Gerd tom Markotten, D.: Usability meets Security - The Identity-Manager as your Personal Security Assistant for the Internet, ACSAC, 2000 Problem 1: Linkability ofProblem 1: Linkability of ProfilesProfiles Personalised services: Conscious data collection Creating profiles Tracing an user by identifying data U = profile Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Identity management (e.g. Freiburg iManager)
http://www.telematik.uni-freiburg.de 5Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> Wohlgemuth, S., Müller, G.: Privacy with Delegation of Rights by Identity Management, LNCS 3995, 2006 Need medical help Therapy Service 1 Blood analysis of P Result Service 2 … Person Person Profile 2 Profile 1+2+… Big Brother Loss of control• All-or-nothing delegation • DREISAM: Protocol for unlinkable delegation of rights on personal data Problem 2: Delegation ofProblem 2: Delegation of ProfilesProfiles Challenge: User-controlled disclosure and use of personal data Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3
http://www.telematik.uni-freiburg.de 6Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> Service 1 Profile 1 RFID data Sensor data Policy data Video data AmI changes collection: Conscious communication Unaware human-machine communication User has no control on disclosure of personal data … Sackmann, S., Strüker, J., Accorsi, R.: Personalization in Privacy-Aware Highly Dynamic Systems, CACM 49(9), 2006 Challenge: Avoidance of loss of control on personal data Problem 3: Unaware Collection of ProfilesProblem 3: Unaware Collection of Profiles
http://www.telematik.uni-freiburg.de 7Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> OurOur Approach:Approach: PrivacyPrivacy EvidenceEvidence Accorsi, R.: On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems, IFIP/SEC 2006
http://www.telematik.uni-freiburg.de 8Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> Contact me! Sven Wohlgemuth E-Mail wohlgemuth@iig.uni-freiburg.de WWW http://www.telematik.uni-freiburg.de LookingLooking forfor PartnersPartners Challenge: Avoidance of loss of control on personal data Privacy evidences Flexible privacy policy Usable secure interfaces Delegation Secure logging & audit Watch this space!

Recommended

Durchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenDurchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenSven Wohlgemuth
 
Privacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningPrivacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningSven Wohlgemuth
 
EN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleEN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleSven Wohlgemuth
 
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementEN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementSven Wohlgemuth
 
Solutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and UsabilitySolutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and UsabilitySven Wohlgemuth
 
Security Made in Germany gateprotect
Security Made in Germany gateprotectSecurity Made in Germany gateprotect
Security Made in Germany gateprotectGiovanni Zanasca
 
Privacy in e-Health
Privacy in e-HealthPrivacy in e-Health
Privacy in e-HealthSven Wohlgemuth
 
The BYOD Security Battleground
The BYOD Security BattlegroundThe BYOD Security Battleground
The BYOD Security BattlegroundWatchful Software
 

Recommended

Durchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenDurchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenSven Wohlgemuth
 
Privacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningPrivacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningSven Wohlgemuth
 
EN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleEN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleSven Wohlgemuth
 
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementEN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementSven Wohlgemuth
 
Solutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and UsabilitySolutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and UsabilitySven Wohlgemuth
 
Security Made in Germany gateprotect
Security Made in Germany gateprotectSecurity Made in Germany gateprotect
Security Made in Germany gateprotectGiovanni Zanasca
 
Privacy in e-Health
Privacy in e-HealthPrivacy in e-Health
Privacy in e-HealthSven Wohlgemuth
 
The BYOD Security Battleground
The BYOD Security BattlegroundThe BYOD Security Battleground
The BYOD Security BattlegroundWatchful Software
 
WEBINAR_CNIL_Anonymisation&Pseudonymisation_FrenchTechCentral200529
WEBINAR_CNIL_Anonymisation&Pseudonymisation_FrenchTechCentral200529WEBINAR_CNIL_Anonymisation&Pseudonymisation_FrenchTechCentral200529
WEBINAR_CNIL_Anonymisation&Pseudonymisation_FrenchTechCentral200529FrenchTechCentral
 
Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)NoCodeHardening
 
Emaiv
EmaivEmaiv
EmaivUIZ-whitaker
 
Marek Pietrzyk - CISO Summit Zurich - Next generation Information Rights Mana...
Marek Pietrzyk - CISO Summit Zurich - Next generation Information Rights Mana...Marek Pietrzyk - CISO Summit Zurich - Next generation Information Rights Mana...
Marek Pietrzyk - CISO Summit Zurich - Next generation Information Rights Mana...Marek Pietrzyk
 
Ge healthcare eu integrating privacy&amp;security 2015 09-23
Ge healthcare eu integrating privacy&amp;security 2015 09-23Ge healthcare eu integrating privacy&amp;security 2015 09-23
Ge healthcare eu integrating privacy&amp;security 2015 09-23Alain Tassy
 
License-based Access Control in EPCglobal Networks
License-based Access Control in EPCglobal NetworksLicense-based Access Control in EPCglobal Networks
License-based Access Control in EPCglobal NetworksMatthieu Schapranow
 
Demystifying Industrial Security
Demystifying Industrial SecurityDemystifying Industrial Security
Demystifying Industrial Securityteam-WIBU
 
Privacy by Design
Privacy by DesignPrivacy by Design
Privacy by DesignEnjoyDigitAll by BNP Paribas
 
Ghassan farra it security a cio perspective
Ghassan farra it security a cio perspectiveGhassan farra it security a cio perspective
Ghassan farra it security a cio perspectivenooralmousa
 
Medtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the HorizonMedtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the Horizonteam-WIBU
 
Swisscom social media en français
Swisscom social media en françaisSwisscom social media en français
Swisscom social media en françaisSwisscom
 
BSI British Standards Information Governance Workshop Presentation
BSI British Standards Information Governance Workshop Presentation BSI British Standards Information Governance Workshop Presentation
BSI British Standards Information Governance Workshop Presentation BSI British Standards Institution
 
G Data Businessportfolio 10.5 &amp; E P P English
G Data Businessportfolio 10.5 &amp; E P P EnglishG Data Businessportfolio 10.5 &amp; E P P English
G Data Businessportfolio 10.5 &amp; E P P EnglishDaniel Chee
 
Data Security and Know-How Protection from PROSTEP
Data Security and Know-How Protection from PROSTEPData Security and Know-How Protection from PROSTEP
Data Security and Know-How Protection from PROSTEPJoseph Lopez, M.ISM
 
EU General Data Protection Regulation - White Paper
EU General Data Protection Regulation - White PaperEU General Data Protection Regulation - White Paper
EU General Data Protection Regulation - White PaperThinPrint
 
Beawre pitch
Beawre pitchBeawre pitch
Beawre pitchPrivacy Data Protection for Engineering
 
IBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Security
 
G data 10 nov 2010
G data 10 nov 2010G data 10 nov 2010
G data 10 nov 2010Agora Group
 
CyberSecurity in Germany: Research Trends, Industrial Hub and Leading Clusters
CyberSecurity in Germany: Research Trends, Industrial Hub and Leading ClustersCyberSecurity in Germany: Research Trends, Industrial Hub and Leading Clusters
CyberSecurity in Germany: Research Trends, Industrial Hub and Leading ClustersGerd Meier zu Koecker
 
Doing Business in Europe? GDPR: What you need to know and do
Doing Business in Europe? GDPR: What you need to know and doDoing Business in Europe? GDPR: What you need to know and do
Doing Business in Europe? GDPR: What you need to know and doPatric Dahse
 
A Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementA Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementSven Wohlgemuth
 
Competitive Compliance with Blockchain
Competitive Compliance with BlockchainCompetitive Compliance with Blockchain
Competitive Compliance with BlockchainSven Wohlgemuth
 

More Related Content

Similar to Privacy in Business Processes by Identity Management

WEBINAR_CNIL_Anonymisation&Pseudonymisation_FrenchTechCentral200529
WEBINAR_CNIL_Anonymisation&Pseudonymisation_FrenchTechCentral200529WEBINAR_CNIL_Anonymisation&Pseudonymisation_FrenchTechCentral200529
WEBINAR_CNIL_Anonymisation&Pseudonymisation_FrenchTechCentral200529FrenchTechCentral
 
Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)NoCodeHardening
 
Marek Pietrzyk - CISO Summit Zurich - Next generation Information Rights Mana...
Marek Pietrzyk - CISO Summit Zurich - Next generation Information Rights Mana...Marek Pietrzyk - CISO Summit Zurich - Next generation Information Rights Mana...
Marek Pietrzyk - CISO Summit Zurich - Next generation Information Rights Mana...Marek Pietrzyk
 
Ge healthcare eu integrating privacy&amp;security 2015 09-23
Ge healthcare eu integrating privacy&amp;security 2015 09-23Ge healthcare eu integrating privacy&amp;security 2015 09-23
Ge healthcare eu integrating privacy&amp;security 2015 09-23Alain Tassy
 
License-based Access Control in EPCglobal Networks
License-based Access Control in EPCglobal NetworksLicense-based Access Control in EPCglobal Networks
License-based Access Control in EPCglobal NetworksMatthieu Schapranow
 
Demystifying Industrial Security
Demystifying Industrial SecurityDemystifying Industrial Security
Demystifying Industrial Securityteam-WIBU
 
Ghassan farra it security a cio perspective
Ghassan farra it security a cio perspectiveGhassan farra it security a cio perspective
Ghassan farra it security a cio perspectivenooralmousa
 
Medtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the HorizonMedtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the Horizonteam-WIBU
 
Swisscom social media en français
Swisscom social media en françaisSwisscom social media en français
Swisscom social media en françaisSwisscom
 
BSI British Standards Information Governance Workshop Presentation
BSI British Standards Information Governance Workshop Presentation BSI British Standards Information Governance Workshop Presentation
BSI British Standards Information Governance Workshop Presentation BSI British Standards Institution
 
G Data Businessportfolio 10.5 &amp; E P P English
G Data Businessportfolio 10.5 &amp; E P P EnglishG Data Businessportfolio 10.5 &amp; E P P English
G Data Businessportfolio 10.5 &amp; E P P EnglishDaniel Chee
 
Data Security and Know-How Protection from PROSTEP
Data Security and Know-How Protection from PROSTEPData Security and Know-How Protection from PROSTEP
Data Security and Know-How Protection from PROSTEPJoseph Lopez, M.ISM
 
EU General Data Protection Regulation - White Paper
EU General Data Protection Regulation - White PaperEU General Data Protection Regulation - White Paper
EU General Data Protection Regulation - White PaperThinPrint
 
IBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Security
 
G data 10 nov 2010
G data 10 nov 2010G data 10 nov 2010
G data 10 nov 2010Agora Group
 
CyberSecurity in Germany: Research Trends, Industrial Hub and Leading Clusters
CyberSecurity in Germany: Research Trends, Industrial Hub and Leading ClustersCyberSecurity in Germany: Research Trends, Industrial Hub and Leading Clusters
CyberSecurity in Germany: Research Trends, Industrial Hub and Leading ClustersGerd Meier zu Koecker
 
Doing Business in Europe? GDPR: What you need to know and do
Doing Business in Europe? GDPR: What you need to know and doDoing Business in Europe? GDPR: What you need to know and do
Doing Business in Europe? GDPR: What you need to know and doPatric Dahse
 

Similar to Privacy in Business Processes by Identity Management (20)

WEBINAR_CNIL_Anonymisation&Pseudonymisation_FrenchTechCentral200529
WEBINAR_CNIL_Anonymisation&Pseudonymisation_FrenchTechCentral200529WEBINAR_CNIL_Anonymisation&Pseudonymisation_FrenchTechCentral200529
WEBINAR_CNIL_Anonymisation&Pseudonymisation_FrenchTechCentral200529
 
Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)
 
Emaiv
EmaivEmaiv
Emaiv
 
Marek Pietrzyk - CISO Summit Zurich - Next generation Information Rights Mana...
Marek Pietrzyk - CISO Summit Zurich - Next generation Information Rights Mana...Marek Pietrzyk - CISO Summit Zurich - Next generation Information Rights Mana...
Marek Pietrzyk - CISO Summit Zurich - Next generation Information Rights Mana...
 
Ge healthcare eu integrating privacy&amp;security 2015 09-23
Ge healthcare eu integrating privacy&amp;security 2015 09-23Ge healthcare eu integrating privacy&amp;security 2015 09-23
Ge healthcare eu integrating privacy&amp;security 2015 09-23
 
License-based Access Control in EPCglobal Networks
License-based Access Control in EPCglobal NetworksLicense-based Access Control in EPCglobal Networks
License-based Access Control in EPCglobal Networks
 
Demystifying Industrial Security
Demystifying Industrial SecurityDemystifying Industrial Security
Demystifying Industrial Security
 
Privacy by Design
Privacy by DesignPrivacy by Design
Privacy by Design
 
Ghassan farra it security a cio perspective
Ghassan farra it security a cio perspectiveGhassan farra it security a cio perspective
Ghassan farra it security a cio perspective
 
Medtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the HorizonMedtec - Cyber-security Challenges on the Horizon
Medtec - Cyber-security Challenges on the Horizon
 
Swisscom social media en français
Swisscom social media en françaisSwisscom social media en français
Swisscom social media en français
 
BSI British Standards Information Governance Workshop Presentation
BSI British Standards Information Governance Workshop Presentation BSI British Standards Information Governance Workshop Presentation
BSI British Standards Information Governance Workshop Presentation
 
G Data Businessportfolio 10.5 &amp; E P P English
G Data Businessportfolio 10.5 &amp; E P P EnglishG Data Businessportfolio 10.5 &amp; E P P English
G Data Businessportfolio 10.5 &amp; E P P English
 
Data Security and Know-How Protection from PROSTEP
Data Security and Know-How Protection from PROSTEPData Security and Know-How Protection from PROSTEP
Data Security and Know-How Protection from PROSTEP
 
EU General Data Protection Regulation - White Paper
EU General Data Protection Regulation - White PaperEU General Data Protection Regulation - White Paper
EU General Data Protection Regulation - White Paper
 
Beawre pitch
Beawre pitchBeawre pitch
Beawre pitch
 
IBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions RoadmapIBM Insight 2015 - Security Sessions Roadmap
IBM Insight 2015 - Security Sessions Roadmap
 
G data 10 nov 2010
G data 10 nov 2010G data 10 nov 2010
G data 10 nov 2010
 
CyberSecurity in Germany: Research Trends, Industrial Hub and Leading Clusters
CyberSecurity in Germany: Research Trends, Industrial Hub and Leading ClustersCyberSecurity in Germany: Research Trends, Industrial Hub and Leading Clusters
CyberSecurity in Germany: Research Trends, Industrial Hub and Leading Clusters
 
Doing Business in Europe? GDPR: What you need to know and do
Doing Business in Europe? GDPR: What you need to know and doDoing Business in Europe? GDPR: What you need to know and do
Doing Business in Europe? GDPR: What you need to know and do
 

More from Sven Wohlgemuth

A Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementA Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementSven Wohlgemuth
 
Competitive Compliance with Blockchain
Competitive Compliance with BlockchainCompetitive Compliance with Blockchain
Competitive Compliance with BlockchainSven Wohlgemuth
 
Secure Sharing of Design Information with Blockchains
Secure Sharing of Design Information with BlockchainsSecure Sharing of Design Information with Blockchains
Secure Sharing of Design Information with BlockchainsSven Wohlgemuth
 
個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information) 個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information)Sven Wohlgemuth
 
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacyTagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacySven Wohlgemuth
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementSven Wohlgemuth
 
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...Sven Wohlgemuth
 
On Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsOn Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsSven Wohlgemuth
 
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer DatenschutzEN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer DatenschutzSven Wohlgemuth
 
Privacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationPrivacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationSven Wohlgemuth
 
International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009Sven Wohlgemuth
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementSven Wohlgemuth
 
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSchlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSven Wohlgemuth
 
Resilience by Usable Security
Resilience by Usable SecurityResilience by Usable Security
Resilience by Usable SecuritySven Wohlgemuth
 
Sicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten WeltSicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten WeltSven Wohlgemuth
 
iManager - nutzer-zentrierter Identitätsmanager
iManager - nutzer-zentrierter IdentitätsmanageriManager - nutzer-zentrierter Identitätsmanager
iManager - nutzer-zentrierter IdentitätsmanagerSven Wohlgemuth
 
ATUS - A Toolkit for Usable Security
ATUS - A Toolkit for Usable SecurityATUS - A Toolkit for Usable Security
ATUS - A Toolkit for Usable SecuritySven Wohlgemuth
 
PersoApp - Secure and User-Friendly Internet Applications
PersoApp - Secure and User-Friendly Internet ApplicationsPersoApp - Secure and User-Friendly Internet Applications
PersoApp - Secure and User-Friendly Internet ApplicationsSven Wohlgemuth
 
PersoApp - An Open Source Community for the new German national ID card
PersoApp - An Open Source Community for the new German national ID cardPersoApp - An Open Source Community for the new German national ID card
PersoApp - An Open Source Community for the new German national ID cardSven Wohlgemuth
 

More from Sven Wohlgemuth (20)

A Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementA Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity Management
 
Competitive Compliance with Blockchain
Competitive Compliance with BlockchainCompetitive Compliance with Blockchain
Competitive Compliance with Blockchain
 
Secure Sharing of Design Information with Blockchains
Secure Sharing of Design Information with BlockchainsSecure Sharing of Design Information with Blockchains
Secure Sharing of Design Information with Blockchains
 
個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information) 個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information)
 
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacyTagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
 
EN 6.3: 4 Kryptographie
EN 6.3: 4 KryptographieEN 6.3: 4 Kryptographie
EN 6.3: 4 Kryptographie
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity Management
 
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
 
On Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsOn Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health Records
 
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer DatenschutzEN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
 
Privacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationPrivacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal Information
 
International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009
 
Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity Management
 
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSchlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
 
Resilience by Usable Security
Resilience by Usable SecurityResilience by Usable Security
Resilience by Usable Security
 
Sicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten WeltSicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten Welt
 
iManager - nutzer-zentrierter Identitätsmanager
iManager - nutzer-zentrierter IdentitätsmanageriManager - nutzer-zentrierter Identitätsmanager
iManager - nutzer-zentrierter Identitätsmanager
 
ATUS - A Toolkit for Usable Security
ATUS - A Toolkit for Usable SecurityATUS - A Toolkit for Usable Security
ATUS - A Toolkit for Usable Security
 
PersoApp - Secure and User-Friendly Internet Applications
PersoApp - Secure and User-Friendly Internet ApplicationsPersoApp - Secure and User-Friendly Internet Applications
PersoApp - Secure and User-Friendly Internet Applications
 
PersoApp - An Open Source Community for the new German national ID card
PersoApp - An Open Source Community for the new German national ID cardPersoApp - An Open Source Community for the new German national ID card
PersoApp - An Open Source Community for the new German national ID card
 

Recently uploaded

VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfThe Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfMilind Agarwal
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 

Recently uploaded (20)

VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdfThe Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
The Intriguing World of CDR Analysis by Police: What You Need to Know.pdf
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 

Privacy in Business Processes by Identity Management

  • 1. PrivacyPrivacy in Businessin Business ProcessesProcesses byby IdentityIdentity ManagementManagement IST 2006, Helsinki, November 23IST 2006, Helsinki, November 23rdrd, 2006, 2006 Sven Wohlgemuth Prof. Dr. Günter Müller Albert-Ludwig University of Freiburg, Germany Institute of Computer Science and Social Studies Department of Telematics http://www.telematik.uni-freiburg.de
  • 2. http://www.telematik.uni-freiburg.de 2Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> IIG Telematics Prof. Dr. Günter Müller Computer science (7 assistants) Privacy & security E-Commerce Economics (7 assistants) • iManager: Security and usability by identity management (CeBIT 2003, doIT Software-Award 2003) • Int. Conference on Emerging Trends in Information and Communication Security (ETRICS) 2006 • Editor of CACM special issue “Privacy and Security in Highly Dynamic Systems”, Sept. 2006 • Electronic Commerce Enquête 2005: Use of IT in German enterprises • Coordination of German Priority Programme “Security in the Information and Communication Technology” • Coordination of FIDIS NoE work package “Privacy in Business Processes”
  • 3. http://www.telematik.uni-freiburg.de 3Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> 43,6% 37,3% 34,4% 34,2% 22,6% 20,9% 44,3% 46,8% 49,8% 47,7% 56,7% 58,4% 12,0% 16,0% 15,8% 18,1% 20,7% 20,7% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% no medium high Costly integration in processes Expected neg. reaction since privacy violation Doubts wrt. data protection laws Low customer acceptance Other legal doubts Pot. loss of reputation http://www.telematik.uni-freiburg.de/ece.php SurveySurvey forfor Germany (ECE IV)Germany (ECE IV) MostMost ImportantImportant BarriersBarriers forfor PersonalizedPersonalized ServicesServices
  • 4. http://www.telematik.uni-freiburg.de 4Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> I want a car Car Service 1 Service 2 Challenge: User-controlled disclosure of personal data I need money Money Profile 1 Profile 2 Jendricke, U., Gerd tom Markotten, D.: Usability meets Security - The Identity-Manager as your Personal Security Assistant for the Internet, ACSAC, 2000 Problem 1: Linkability ofProblem 1: Linkability of ProfilesProfiles Personalised services: Conscious data collection Creating profiles Tracing an user by identifying data U = profile Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Identity management (e.g. Freiburg iManager)
  • 5. http://www.telematik.uni-freiburg.de 5Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> Wohlgemuth, S., Müller, G.: Privacy with Delegation of Rights by Identity Management, LNCS 3995, 2006 Need medical help Therapy Service 1 Blood analysis of P Result Service 2 … Person Person Profile 2 Profile 1+2+… Big Brother Loss of control• All-or-nothing delegation • DREISAM: Protocol for unlinkable delegation of rights on personal data Problem 2: Delegation ofProblem 2: Delegation of ProfilesProfiles Challenge: User-controlled disclosure and use of personal data Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3 Driving licence Stella Freiburger Classes: ABE Friedrichstr. 50 D-79098 Freiburg Germany IP: 132.15.16.3
  • 6. http://www.telematik.uni-freiburg.de 6Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> Service 1 Profile 1 RFID data Sensor data Policy data Video data AmI changes collection: Conscious communication Unaware human-machine communication User has no control on disclosure of personal data … Sackmann, S., Strüker, J., Accorsi, R.: Personalization in Privacy-Aware Highly Dynamic Systems, CACM 49(9), 2006 Challenge: Avoidance of loss of control on personal data Problem 3: Unaware Collection of ProfilesProblem 3: Unaware Collection of Profiles
  • 7. http://www.telematik.uni-freiburg.de 7Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> OurOur Approach:Approach: PrivacyPrivacy EvidenceEvidence Accorsi, R.: On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems, IFIP/SEC 2006
  • 8. http://www.telematik.uni-freiburg.de 8Sven Wohlgemuth <wohlgemuth@iig.uni-freiburg.de> Contact me! Sven Wohlgemuth E-Mail wohlgemuth@iig.uni-freiburg.de WWW http://www.telematik.uni-freiburg.de LookingLooking forfor PartnersPartners Challenge: Avoidance of loss of control on personal data Privacy evidences Flexible privacy policy Usable secure interfaces Delegation Secure logging & audit Watch this space!