
A Method for Privacy-protected User-controlled Information Collection

IP.com Disclosure Number: IPCOM000011552D
Original Publication Date: 2003-Mar-04
Included in the Prior Art Database: 2003-Mar-04
Document File: 4 page(s) / 46K

Publishing Venue

IBM

Abstract

This article relates to a major problem of enterprise privacy management. The proposed solution enables any customer to exercise more control over their personal data.

In the scenario considered here, a company collects data from a customer. At a later time, this company discloses the data to a recipient company. The privacy of the customer is limited, since they cannot control to whom and for what purpose the data is disclosed.

One solution to this privacy problem would be to require (e.g., in a privacy policy) that companies must not disclose data to each other. As a consequence, all companies would have to ask the customer directly. This enables the customer to exercise full control over their data. However, it has two disadvantages:

* It is inconvenient for the customer since the user needs to relay large amounts of data from one company to another.

* It is insecure for the company receiving the data since the user may tamper with the relayed data, i.e., use different data at different companies.

As a consequence, we describe a method for disclosing data directly from one company to another that solves these problems. The described method is convenient for the customer while preventing tampering, since both companies interact directly.

These guarantees are achieved by enabling the individual customer to authorize each disclosure explicitly by so-called "privacy authorization tokens". These tokens prove that the company requesting the data is allowed to do so. In addition, they enable the disclosing company to later prove that the disclosure was legitimate.

In the sequel two methods are described which allow the customer to authorize a company to obtain information from another company without requiring interaction by the user. Both methods enable the users to clearly specify the information the second company is allowed to obtain. While the first solution is very simple, it does not provide anonymity/pseudonymity to the customer (i.e., the customer is required to use the same identifier/name at both companies).

This is overcome by the second solution where a customer may use a different name (pseudonym) at each company. Hence, the companies cannot tell whether some piece of information they store concerns the same customer or different ones. Nevertheless, the solution ensures that the information that is provided to the second company concerns the same user. This protects the recipient from fraud by colluding users who might try to provide it with a mixture of information belonging to different customers.

First method:

Each customer gets a token from the company that stores data about it. The token can be associated with a specific (sub-)set of the data that that company stores. When another company wants to collect data about/from the user, the user does not send the data. Instead, it hands over the tokens that correspond to the data the company requested. Usi...
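As an added example (not part of this disclosure, which specifies no token format), the first method in Python: company A issues a token binding the customer's identifier, the authorised subset of attributes and the recipient company under an HMAC key that only A holds (an assumption); company B presents the token to A, which verifies it, discloses only that subset and keeps the token as evidence that the disclosure was legitimate.

```python
import hashlib
import hmac
import json


class DataHolder:
    """Company A: stores customer data and issues privacy authorization tokens."""

    def __init__(self, name, secret):
        self.name = name
        self._secret = secret   # assumption: an HMAC key known only to company A
        self.records = {}       # customer identifier -> {attribute: value}
        self.audit = []         # retained as proof that each disclosure was authorised

    def _tag(self, body):
        payload = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._secret, payload, hashlib.sha256).hexdigest()

    def issue_token(self, customer, attributes, recipient):
        """Token the customer requests and hands to `recipient`; covers only `attributes`."""
        body = {"customer": customer, "attributes": sorted(attributes), "recipient": recipient}
        return {"body": body, "tag": self._tag(body)}

    def verify(self, token, requester):
        """Reason the token must be refused, or None if it authorises `requester`."""
        if not hmac.compare_digest(self._tag(token["body"]), token["tag"]):
            return "token forged or altered"        # relayed tokens cannot be widened
        if token["body"]["recipient"] != requester:
            return "token issued for another company"
        if token["body"]["customer"] not in self.records:
            return "unknown customer"
        return None

    def disclose(self, token, requester):
        """Company B presents the token; A returns only the authorised subset."""
        problem = self.verify(token, requester)
        if problem:
            raise PermissionError(problem)
        body = token["body"]
        record = self.records[body["customer"]]
        self.audit.append({"requester": requester, "token": token})
        return {a: record[a] for a in body["attributes"] if a in record}


if __name__ == "__main__":
    a = DataHolder("CompanyA", b"constructed-demo-key")   # constructed sample data
    a.records["alice"] = {"address": "1 Main St", "income": 50000, "phone": "555-0100"}
    token = a.issue_token("alice", ["address", "phone"], "CompanyB")
    print(a.disclose(token, "CompanyB"))       # only address and phone are released
    widened = {"body": dict(token["body"], attributes=["address", "income"]), "tag": token["tag"]}
    print(a.verify(widened, "CompanyB"))       # token forged or altered
```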