21st IFIP International Information Security Conference (SEC 2006), May 22-24, 2006, Karlstad, Sweden
The growth of the Internet has been accompanied by the growth of e-services (e.g. e-commerce, e-health). This proliferation of e-services and the in-creasing regulatory and legal requirements for personal privacy have fueled the need to protect the personal privacy of e-service users. Existing approaches for privacy protection such as the use of pseudonym technology, and personal privacy policies along with appropriate compliance mechanisms are predicated on the e-service provider having possession and control over the user's personal data. In this paper, we propose a new approach for protecting personal privacy in buyer-seller e-commerce: keeping possession and control over the buyer's personally identifiable information in the hands of the buyer as much as possible, with the help of a smart card and a trusted authority. Our approach can also be characterized as distributing personally identifiable information only on a “need to know” basis.
Proceedings of the 21st IFIP International Information Security Conference (SEC 2006).