Privacy conscious architecture for personal information transfer from a personal trusted device to an HTTP based service

Abstract

Modern services request personal information from their customers. The personal information is not needed only for identifying the customer but also for customising the service for each customer. In this paper we first analyse the existing approaches for personal information handling and point out their weaknesses. We desribe an architecture for the delivery of personal information from the customer to the HTTP based service in the Internet. For personal information storing our architecture relies on a mobile device, such as a customer’s mobile phone. The access of the service is conducted with a traditional desktop computer. The information is transmitted to the service on request via a desktop computer that fetches the information from a mobile device over a wireless link. The goal of our approach is to simplify the use of services by helping the customer to provide the required personal information. Furthermore our approach is designed so that existing services require only minor changes. We introduce methods for the customer to control his own privacy by providing notation to define the required security measures for automated data transfer. Finally we discuss the possible security risks of our architecture.

Keywords