Requirements for a verifiable Processing of Personal Data
A security mechanism that supports verifiable processing of personal data with respect to the protection goals of confidentiality and accountability must have the following properties:
Identification of any collection of personal data that is contrary to the agreed privacy policy.
Preventing the storage and delegation of personal data that conflicts with the agreed privacy policy, or at least generating an unmodifiable transcript of these activities.
Preventing undesired usage of personal data, that is, usage to which the user has not given consent, or at least generating an unmodifiable transcript of such activities.
Proving the authenticity of service providers is a countermeasure against man-in-the-middle attacks, but it is not sufficient to protect against misuse of users' profiles. The behaviour of a service provider's information system remains unknown to the user. Therefore, authentication must address not the service provider but its information system. In the case of a certified information system, the user obtains evidence of its possible behaviour. In the case of an uncertified information system, the security mechanism must itself create evidence of the information system's behaviour concerning the collection, use, storage and delegation of personal data. Creating an unmodifiable transcript is one step towards such evidence. Since those activities require access to personal data, the monitor of the service provider's access control system has to be modified so that it logs them. A user must be able to verify that this monitor is part of the information system and that the applications processing personal data are controlled by it.
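As an added illustration of the three requirements above and of the logging monitor just described (example code, not from the FIDIS deliverable or any project it discusses), the following Python models a reference monitor that decides every access to personal data against the agreed privacy policy and appends the decision, permitted or denied, to a hash-chained transcript, plus the user-side check over that transcript. The policy format (data category to activity to consented purposes), the use of a SHA-256 hash chain as the "unmodifiable transcript", and the sample requests in demo() are all constructed assumptions.

```python
import hashlib
import json
from dataclasses import dataclass

# The four activities named in the requirements.
ACTIVITIES = ("collect", "use", "store", "delegate")
GENESIS_HASH = "0" * 64  # constructed anchor for the first transcript entry


class PrivacyPolicy:
    """Agreed privacy policy: for each data category and activity, the set
    of purposes the user consented to. The dict layout is an assumption."""

    def __init__(self, consent):
        self.consent = consent

    def permits(self, category, activity, purpose):
        return purpose in self.consent.get(category, {}).get(activity, set())


@dataclass(frozen=True)
class Entry:
    """One transcript entry; `hash` binds the fields to `prev_hash`."""
    seq: int
    category: str
    activity: str
    purpose: str
    decision: str   # "permit" or "deny"
    prev_hash: str
    hash: str


def entry_hash(seq, category, activity, purpose, decision, prev_hash):
    """Digest over all fields of an entry, including its predecessor's hash."""
    payload = json.dumps([seq, category, activity, purpose, decision, prev_hash])
    return hashlib.sha256(payload.encode()).hexdigest()


class Monitor:
    """Reference monitor: every access to personal data is decided against the
    policy and recorded, so denied attempts are evidence as much as grants."""

    def __init__(self, policy):
        self.policy = policy
        self.transcript = []

    def request(self, category, activity, purpose):
        if activity not in ACTIVITIES:
            raise ValueError(f"unknown activity: {activity}")
        permitted = self.policy.permits(category, activity, purpose)
        decision = "permit" if permitted else "deny"
        prev = self.transcript[-1].hash if self.transcript else GENESIS_HASH
        seq = len(self.transcript)
        h = entry_hash(seq, category, activity, purpose, decision, prev)
        self.transcript.append(Entry(seq, category, activity, purpose, decision, prev, h))
        return permitted


def verify_transcript(transcript, policy):
    """User-side check. Returns (chain_intact, violations): chain_intact is
    False if any entry was altered, reordered or removed from the middle;
    violations lists seq numbers of permitted accesses the policy forbids."""
    chain_intact = True
    violations = []
    prev = GENESIS_HASH
    for expected_seq, e in enumerate(transcript):
        recomputed = entry_hash(e.seq, e.category, e.activity, e.purpose,
                                e.decision, e.prev_hash)
        if e.seq != expected_seq or e.prev_hash != prev or recomputed != e.hash:
            chain_intact = False
        if e.decision == "permit" and not policy.permits(e.category, e.activity, e.purpose):
            violations.append(e.seq)
        prev = e.hash
    return chain_intact, violations


def demo():
    """Constructed scenario: consent to e-mail processing for order fulfilment only."""
    policy = PrivacyPolicy({
        "email": {"collect": {"order-fulfilment"}, "use": {"order-fulfilment"},
                  "store": {"order-fulfilment"}, "delegate": set()},
    })
    m = Monitor(policy)
    results = [
        m.request("email", "collect", "order-fulfilment"),  # permitted
        m.request("email", "delegate", "marketing"),        # denied, still logged
        m.request("email", "use", "marketing"),             # denied, still logged
    ]
    return m, results


if __name__ == "__main__":
    monitor, outcomes = demo()
    print(outcomes, verify_transcript(monitor.transcript, monitor.policy))
```

Two caveats the text implies but the code cannot settle on its own: a hash chain only detects changes relative to its head, so the latest hash must be anchored somewhere the provider cannot rewrite (otherwise silently truncating the tail is undetectable), and nothing here proves to the user that this monitor is actually the one mediating the provider's applications; that is the gap Trusted Computing is evaluated for in the next section.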
Trusted Computing is a technique for ensuring the authenticity of software, such as this monitor. In the following, this technique is introduced and evaluated for this purpose, and a monitor is presented that supports the enforcement of privacy policies.
| 13 / 39 |
