Abstract

IFIPSEC05.PDF - C. R. Pearce, P. Bertok, R. van Schyndel,
"Protecting Consumer Data in Composite Web Services",
Security and Privacy in the Age of Ubiquitous Computing , R. Sasaki et al. (ed.), Springer , New York (IFIP TC11 20th International Information Security Conference). Chiba, Japan, May 2005

The increasing number of linkable vendor-operated databases present unique threats to customer privacy and security intrusions, as personal information communicated in online transactions can be misused by the vendor. Existing privacy enhancing technologies fail in the event of a vendor operating against their stated privacy policy, leading to loss of customer privacy and security. Anonymity may not be applicable when transactions require identification of participants. We propose a service-oriented technically enforceable system that preserves privacy and security for customers transacting with untrusted online vendors. The system extends to support protection of customer privacy when multiple vendors interact in composite web services. A semi-trusted processor is introduced for safe execution of sensitive customer information in a protected environment and provides accountability in the case of disputed transactions.

Last updated 3 June 2005
Maintained and authorised by Ron van Schyndel