Personal Information Management in a Ubiquitous Computing Environment

Institute of Systems & Information Technologies/KYUSHU

Kenichi Takahashi

Introduction

Popularization of mobile technologies e.g. cellular phone, wireless LAN

HotSpot services Airport, food shop, etc...

Ubiquitous Computing System

Ubiquitous Computing Environment

Anywhere, Anytime and Anyone

officeoffice

TVRadio

PCTel

To realize ubiquitous computing environment

Service-use mechanism Each service has a protocol for it use

Protection of private information

Necessary to protect private information while keeping usability

How to deal with private information in the yahoo

How to deal with private information in the yahoo

Private Policy in the yahoo

P3P and EPAL P3P（ The Platform for Privacy

Preference）， EPAL（ The Enterprise Privacy Authorization Language） What purpose does a collector collect it for? How does a collector operate it? Machines are able to interpret private

policies automatically

PrivateInformation

Collector

Privacy Policy

Private Information

Preference

compare

But ...

Users must still believe privacy policies indicated from a collector

Necessary to protect private information by user’s self Users must be able to control a way that

collectors use user’s private information Necessary to correspond to various services

Our Proposal Model

Each User and service provider are defined as a agent Each agent has the Public Zone and

Private Zone Public Zone provides a mechanism for

corresponding to various services Private Zone provides a mechanism for

protecting private information by myself

Basic idea on the Public Zone For corresponding to various services The service = Client Program＋ Service Program

Client Program is executed by users Service Program is executed by service providers

User

Public Zone Public Zone

Service Provider

ServiceProgram

ClientProgram

ClientProgram pair

get

communicate

PrivateResources

Private Zone

Se

curity

Ba

rrier

Check the access

What information?

What purpose?How operate?

:

What information?

What purpose?How operate?

:

Basic idea on the Private Zone Check the access from the Public Zone Monitor the communication with other agents Push a program for dealing with private

information

User

Public ZonePrivate Zone

Se

curity B

arrier

ClientProgram

PrivateResources

Check by Permission

AccessedTable

regist

Service Provider

Check by Partner and Method

ServiceProgram

PrivatePolicy

registClient

Programpush

communicate

The Private Policy Permission

What information access does agent allow a program to access to

What purpose does agent allow to access for Partner

Who does agent allow a program to communicate with

Method What operations using it are allowed

Conclusion

The Public and Private Zone model Proposed basic ideas Public Zone: correspond to various

services Private Zone: manage information by

user’s self

A lot of future work are remained!

Future Works How to create a pushed program

→ by combination of some components Protection of a program from illegal

rewriting→ mobile cryptography, program obfuscation

Verification of whether a program returns a correct result or not→ verify a program after result returned

Refusal of malicious programs

The Overview of our Model

Public Zone

Private Zone

Protect private information

Manage services for providing to other agent

Services

Private information forbid

Agent

Access to the serviceAgent

Security Barrier