WO2009072801A2 - System for managing identity with privacy policy using a number and method thereof - Google Patents


Info

Publication number
WO2009072801A2
Authority
WO
WIPO (PCT)
Prior art keywords
privacy policy
user
user information
grade
request message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2008/007130
Other languages
English (en)
Other versions
WO2009072801A3 (fr)
Inventor
Jonghyouk Noh
Seunghyun Kim
Soohyung Kim
Daeseon Choi
Sangrae Cho
Youngseob Cho
Seunghun Jin
Kyoil Chung
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electronics and Telecommunications Research Institute ETRI
Original Assignee
Electronics and Telecommunications Research Institute ETRI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020080108911A (KR101086452B1)
Application filed by Electronics and Telecommunications Research Institute ETRI
Priority to US12/746,498 (US20100281514A1)
Publication of WO2009072801A2
Publication of WO2009072801A3

Links

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management

Definitions

  • the present invention relates to a system for managing identity with a privacy policy for each grade and a method thereof, and more specifically, to a system for managing identity that represents a privacy policy using a number and a method thereof.
  • the system for managing Internet identity is to create a convenient and safe environment when the user provides personal information while using the Internet.
  • the system for managing Internet identity provides a Single Sign On (SSO) service that can freely use a large number of sites on the Internet through a one time log-in procedure and optimally maintains and safely manages the user's personal information by storing his/her personal information in a safe site.
  • related technologies include SSO (Single Sign On); SAML, available from the OASIS Group; ID-FF, ID-WSF, and ID-SIS; WS-Security from MS; P3P, available from W3C; XACML, available from OASIS; EPAL, available from IBM; and the like.
  • P3P is used to control cookies in Internet Explorer, which is a web browser of MS.
  • XACML, which is a standard for representing an access control policy, defines a policy representation language, an access control request message, a response message, etc.
  • EPAL, which is a method of controlling how a company shares the user information, defines a policy representation language similar to XACML.
  • the system for managing Internet identity manages the user's personal information in an attribute provider (AP) server, which is a site or system trusted by the user.
  • when the user uses the Internet services at a different site, that is, an Attribute Consumer (AC) server, and the attribute consumer server needs the user's personal information, the attribute consumer server asks the attribute provider server for the user's personal information.
  • the attribute provider server provides or does not provide the user's personal information to the attribute consumer server by determining whether or not it provides the user's personal information according to a user's rule. In some cases, the attribute provider server obtains the user's consent to provide his/her personal information to the attribute consumer server.
  • the attribute provider server, which is a reliable site or system, manages the user's personal information, such that the user can safely manage his/her personal information. Also, the attribute consumer server, which provides the Internet service, asks the attribute provider server for the user's personal information only when needed, such that the user's personal information is not unnecessarily spread and distributed to various locations.
  • Controlling the distribution of personal information generally depends on the following process.
  • the attribute consumer server, which wants to use the personal information, transmits a message stating "provide information on a specific user's resource in order to perform an action on the specific user's resource for a specific purpose" to the attribute provider server that stores the user's personal information.
  • when the attribute provider server receives the personal information request message transmitted from the attribute consumer server, it determines whether to distribute the information according to the privacy policy stored therein.
  • if the determination is permission, the attribute provider server creates a message stating "permit the information distribution but necessarily keep a specific obligation" and provides it to the attribute consumer server.
  • if the determination is rejection, a message stating "non-permit the information distribution" is created and transmitted to the attribute consumer server.
  • the attribute consumer server operates depending on the received message.
  • the privacy policy, on which the determination on the distribution of the user's personal information is based, can be represented in various ways.
  • Components of the privacy policy may generally include subjects using information, resources to be used, and actions on information.
  • the region in which the systems requesting the information, providing the information, and determining the information distribution are operated according to the privacy policy, as described above, is called a privacy domain.
  • the privacy policy may include subjects, user information lists, actions to be performed and the like which belong to the privacy domain.
  • the present invention proposes to solve the above-mentioned problems.
  • An attribute consumer server used in a system for managing identity includes: a request module that creates a user information request message; and a communication module that transmits the user information request message to an attribute provider server, wherein the user information request message includes a privacy policy that represents at least one term of use subjects, use purposes, and use periods using a grade.
  • the privacy policy further includes at least one term of use conditions and obligations in the use, which are based on a grade.
  • an attribute provider server in a system for managing identity includes: a communication module that receives from an attribute consumer server a user information request message including a privacy policy that represents at least one term of use subjects, use purposes, and use periods using a grade; a privacy policy DB that stores the user's privacy policy that represents at least one term of use subjects, use purposes, and use periods using the grade; and a determination module that analyzes the user information request message to extract the user's privacy policy from the privacy policy DB and compares the extracted privacy policy and the privacy policy included in the user information request message to determine whether or not to provide the user information.
  • the determination module compares the grades for each term of the privacy policy included in the user information request message and the extracted privacy policy and provides the user information to the attribute consumer server only when the privacy policy included in the user information request message has the grade equal to or higher than the extracted privacy policy.
  • the privacy policy further includes at least one term of the use conditions and the obligations in the use, which are represented using the grade.
  • the grade is represented by a number.
  • a method for managing identity which is a method for allowing an attribute provider server in the system for managing identity to manage user information, includes: receiving a user information request message including a privacy policy that represents at least one term of a privacy policy representing use subjects, use purposes, and use periods using a grade; analyzing the user information request message to extract the privacy policy of the corresponding user from a privacy policy DB; and comparing the extracted privacy policy and the privacy policy included in the user information request message to determine whether or not to provide the user information, wherein the privacy policy DB stores the privacy policy of the user representing at least one term of use subjects, use purposes, and use periods using the grade.
  • the privacy policy further includes at least one term of the use conditions and the obligations in the use, which are represented using the grade.
  • the grade is represented by a number.
  • the privacy policy representation can be simplified and the policy comparison can be conveniently processed. Since the privacy policy is conveniently represented, when the user's personal information is distributed, it is easy for the user to determine whether or not to permit the distribution of the user's personal information. Therefore, the user can accurately determine whether the distribution of the user's personal information is permitted, prevent his/her personal information from being distributed to an undesired attribute consumer server, and conveniently and safely manage his/her personal information.
  • FIG. 1 is a view for schematically explaining a system for managing identity having a privacy policy for each grade according to the present invention.
  • FIG. 2 is a detailed view for explaining in detail a system for managing identity having a privacy policy for each grade according to the present invention.
  • FIG. 3 is an exemplification view for explaining a privacy policy according to the present invention.
  • FIG. 4 is a flow chart for explaining a method for allowing an attribute provider server to manage user's identity according to the present invention.
  • Best Mode for Carrying Out the Invention
  • FIG. 1 is a view for schematically explaining a system for managing identity having a privacy policy for each grade according to the present invention.
  • FIG. 2 is a view showing one embodiment of a privacy policy stored in privacy policy databases 120 and 220 of FIG. 1.
  • the system for managing identity according to the present invention includes an attribute consumer server 100 and an attribute provider server 200.
  • the attribute consumer server 100 is a service provider server that provides predetermined Internet services to a user using Internet connection tools, such as mobile terminals, desk tops, or notebooks. For example, it may be an Internet service provider that provides shopping service, financial service, game service, and the like.
  • the attribute consumer server 100 creates the request message including its privacy policy and requests user information to the attribute provider server 200.
  • the attribute provider server 200 receives the request message from the attribute consumer server 100 and compares the privacy policies owned by the attribute provider server to determine whether or not to provide the corresponding user information to the attribute consumer server 100. Also, the attribute provider server 200 can permit or not permit the offer of the user information to the attribute consumer server 100 according to the determination result.
  • FIG. 2 is a detailed view for explaining in detail a system for managing identity having a privacy policy for each grade according to the present invention.
  • the attribute consumer server 100 includes a request module 110, a privacy policy database 120 (hereinafter, referred to as 'privacy policy DB'), and a communication module 130.
  • the privacy policy DB 120 stores a privacy policy of the attribute consumer server.
  • the privacy policy according to the embodiment of the present invention which is stored in the privacy policy DB 120, can be represented as shown in FIG. 3. More specifically, the privacy policy of the present invention represents one data term (for example, user information), that is, a term, such as the use subjects, the use purposes, the use periods, etc., using a grade (for example, a number).
  • the 'use subject' is an object that uses the corresponding data.
  • the 'use subject' may be an individual that obtains the current user information, an individual that is lawfully guaranteed, an individual that is lawfully associated with the individual obtaining the user information, a third party that has nothing to do with the individual obtaining the user information, etc.
  • the division for the above-mentioned use subjects is merely one embodiment and the use subjects can be subdivided for each privacy domain and variously represented. In the present invention, the use subjects represented as described above are divided using a grade.
  • the use subject for one user information can be divided and represented as follows: when the use subject is limited to only the individual that obtains the current user information, it is set to a first grade; when the use subject is limited to the individual that is lawfully guaranteed, it is set to a second grade; when the use subject is limited to the individual that is lawfully associated with the individual obtaining the user information, it is set to a third grade; and when the use subject is limited to the third party that has lawfully nothing to do with the individual obtaining the user information, it is set to a fourth grade.
  • the 'use purpose' means the purpose for which the attribute consumer server 100 uses the user information.
  • the use purpose may be user services, statistics, marketing, a third purpose, etc.
  • the division for the above-mentioned use purposes is merely one embodiment and the use purposes can be subdivided for each privacy domain and variously represented. In the present invention, the use purposes represented as described above are divided using a grade.
  • the use purpose for one user information can be divided and represented as follows: when the use purpose is limited to providing services to the user, it is set to a first grade; when the use purpose is limited to statistics, it is set to a second grade; when the use purpose is limited to marketing, it is set to a third grade; and when the use purpose is limited to a third purpose, it is set to a fourth grade.
  • the 'use period' means a period where the attribute consumer server 100 uses the user information.
  • the use period means a period where the attribute consumer server 100 obtains the user information and then stores the information. For example, it may be within one day, within three days, within five days, five days or more, etc.
  • the division for the above-mentioned use period is merely one embodiment and the use periods can be subdivided for each privacy domain and variously represented. In the present invention, the use periods represented as described above are divided using a grade.
  • when the period where the attribute consumer server 100 obtains one user information and then stores it is within one day, it is set to a first grade; when the period where the attribute consumer server 100 obtains one user information and then stores it is within three days, it is set to a second grade; when the period where the attribute consumer server 100 obtains one user information and then stores it is within five days, it is set to a third grade; and when the period where the attribute consumer server 100 obtains one user information and then stores it is five days or more, it is set to a first grade.
  • the grades of the use subjects, the use purposes, the use periods, and the like, which are represented in the privacy policy, are not limited to a number and can be represented by any grade representation method agreed between the attribute consumer server and the attribute provider server. For example, a degree of the grade may be represented by correspondingly assigning alphabet letters, that is, A-B-C-D.
  • the privacy policy according to the present invention can be more variously represented according to the privacy domain. And, in addition to the use subject, the use purpose, and the use period, the use condition and the obligation in the use, and the like may be included according to the privacy domain.
  • the request module 110 extracts the privacy policy of the corresponding user from the privacy policy DB 120 when the attribute consumer server 100 needs the user information. And, the request module 110 creates the user information request message (hereinafter, referred to as 'request message') including the identification information of the corresponding user and the privacy policy of the corresponding user.
  • a communication module 130 transmits the request message created in the request module 110 to the attribute provider server 200.
  • the attribute provider server 200 includes a determination module 210, a privacy policy database 220 (hereinafter, 'privacy policy DB'), a user information database 230 (hereinafter, 'user information DB'), and a communication module 240.
  • the privacy policy DB 220 stores the privacy policy of the attribute provider server 200.
  • the privacy policy stored in the privacy policy DB 220 may be uniquely established for each user. For example, an A user and a B user stored in the privacy policy DB 220 may use different privacy policies or may share the same privacy policy.
  • the privacy policy is represented as shown in FIG. 3, and may be differently represented for each user and stored in the privacy policy DB 220.
  • the user information DB 230 stores the user's personal information.
  • the user's personal information, meaning information that indicates features of a person, includes a company address, a home address, a telephone number, information issued by or registered with an organization such as a government or a company (for example, family registration), a school career, tastes, a religion, and the like.
  • the user's personal information means the personal information that can uniquely identify a person.
  • the user's identity stored in the user information DB 230 may be personal information directly prepared by the user, personal information issued from the reliable organization, and false information, and the like.
  • when the determination module 210 receives the message that requests the user's personal information from the attribute consumer server 100, it analyzes the received request message to determine which user information is requested by the attribute consumer server 100 using the user identification information included in the request message and extracts the privacy policy of the corresponding user from the privacy policy DB 220. Further, the determination module 210 compares the extracted privacy policy and the privacy policy included in the request message (that is, the privacy policy received from the attribute consumer server) to determine whether or not to provide the user information to the attribute consumer server 100. Also, the determination module 210 creates a response message corresponding to the determination result.
  • the determination module 210 includes a request message analyzing unit 214, a policy comparing and determining unit 216, and a response message creating unit 218.
  • the request message analyzing unit 214 analyzes the request message received from the attribute consumer server 100 through the communication module 240 to determine which user information is requested by the attribute consumer server 100 using the user identification information included in the request message and extracts the privacy policy of the corresponding user from the privacy policy DB 220.
  • the policy comparing and determining unit 216 receives the extracted privacy policy from the request message analyzing unit 214 and compares the extracted privacy policy with the privacy policy included in the request message to determine whether or not to provide the user information to the attribute consumer server 100.
  • the response message generating unit 218 creates the response message corresponding to the determination result in the policy comparing and determining unit 216.
  • when the determination result is permission, the response message generating unit 218 obtains the corresponding user information from the user information DB 230 and creates the response message including it.
  • when the determination result is non-permission, the response message generating unit 218 creates the response message including the non-permitted reason.
  • the communication module 240 receives the request message transmitted from the attribute consumer server 100 and transmits the request message to the determination module 210 and transmits the response message transmitted from the determination module 210 to the attribute consumer server 100.
  • FIG. 4 is a flow chart for explaining a method for allowing the attribute provider server to manage the user's identity according to the present invention.
  • the attribute provider server 200 receives the message (hereinafter, referred to
  • the request message received by the attribute provider server 200 from the attribute consumer server 100 includes the privacy policy that is represented using a grade.
  • the request message includes the privacy policy of the attribute consumer server 100 that represents the use purpose, the use subject, and the use period of the user information, and the like using a grade.
  • the request message includes identification information that can identify the corresponding user, such that the attribute provider server 200 receiving the request message can identify the user.
  • the 'use subject' is herein an object that uses the corresponding data item.
  • the 'use purpose' means a purpose using the user information.
  • it may be user services, statistics, marketing, a third purpose, etc.
  • the 'use period' means a period using the user information. In other words, it means a period where the attribute consumer server obtains the user information and then stores the user information. For example, it may be within one day, within three days, within five days, five days or more, etc.
  • when the attribute provider server 200 receives the request message from the attribute consumer server 100, it analyzes the received request message to determine which user information is requested by the attribute consumer server 100 using the identification information included in the request message and extracts the privacy policy of the corresponding user from the privacy policy DB (S20).
  • the attribute provider server 200 compares the extracted privacy policy and the privacy policy included in the request message to determine whether or not to provide the user information to the attribute consumer server 100 (S30). Herein, the attribute provider server 200 determines whether the privacy policy of the attribute consumer server is equal to or stricter than the privacy policy of the corresponding user (S40).
  • if the privacy policy of the attribute consumer server is equal to or stricter than that of the corresponding user, the attribute provider server 200 extracts the user information of the corresponding user from the user information DB and creates the response message including the extracted user information (S50). For example, in the case of the privacy policy that represents the terms, such as the use subject, the use purpose, and the use period, using a number, when the privacy policy of the attribute consumer server 100 has a number that is equal to or lower than the privacy policy of the attribute provider server 200, the attribute provider server 200 provides the user information to the attribute consumer server 100. At this time, the lower the number, the stricter the grade becomes, that is, the stricter the privacy policy becomes.
  • if it is not, the attribute provider server 200 creates the response message including the reason why the offer of the user information is not permitted (S70). For example, a response message including the message "the user information cannot be provided due to the privacy policy" is created.
  • the attribute provider server 200 transmits the response message created at step
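The request/response exchange and the grade comparison described above (FIG. 4, steps S20 to S70), as an added example that is not the patent's own code: every policy term is a grade number where lower means stricter, the letters A-B-C-D map onto 1-4 as the agreed alternative representation, and the attribute provider provides the information only when the consumer's grade is equal to or lower on every term the user constrained. The per-attribute policy layout, the fail-closed handling of a term the consumer leaves undeclared, and all sample data are assumptions of this example.

```python
"""Grade-based privacy policy exchange between an attribute consumer server (AC)
and an attribute provider server (AP). Constructed illustration, not the patent's
own code. Lower grade number = stricter term."""

from typing import Dict, List

# Agreed alternative representation A-B-C-D, mapped onto the numeric grades (assumption).
LETTER_GRADES = {"A": 1, "B": 2, "C": 3, "D": 4}

# Terms a user's policy may constrain; the last two are optional per the description.
TERMS = ("use_subject", "use_purpose", "use_period", "use_condition", "obligation")

# Non-permitted reason text taken from the description (step S70).
NON_PERMIT_REASON = "the user information cannot be provided due to the privacy policy"


def normalize_grade(value) -> int:
    """Accept an integer grade or an agreed letter grade; return the integer grade."""
    if isinstance(value, int) and not isinstance(value, bool) and value >= 1:
        return value
    if isinstance(value, str) and value.upper() in LETTER_GRADES:
        return LETTER_GRADES[value.upper()]
    raise ValueError(f"unrecognised grade representation: {value!r}")


def compare_policies(user_policy: Dict[str, object], request_policy: Dict[str, object]) -> List[str]:
    """Return the terms on which the AC's policy is looser than the user's (step S40).
    Empty list: the AC's policy is equal to or stricter on every constrained term.
    A term the user constrained but the AC did not declare counts as a violation
    (fail closed; an assumption of this example, not stated in the description)."""
    violations = []
    for term in TERMS:
        if term not in user_policy:
            continue
        user_grade = normalize_grade(user_policy[term])
        if term not in request_policy:
            violations.append(f"{term}: not declared by attribute consumer (user requires <= {user_grade})")
            continue
        req_grade = normalize_grade(request_policy[term])
        if req_grade > user_grade:
            violations.append(f"{term}: requested grade {req_grade} is looser than user grade {user_grade}")
    return violations


def build_request_message(user_id: str, attributes: List[str], ac_policy: Dict[str, object]) -> dict:
    """What the AC's request module 110 produces: the user's identification,
    the data items wanted, and the AC's own privacy policy expressed with grades."""
    return {"user_id": user_id, "attributes": list(attributes), "privacy_policy": dict(ac_policy)}


class AttributeProviderServer:
    """Determination module 210: looks up the user's policy (S20), compares it with
    the request's policy (S30/S40) and creates the permit / non-permit response."""

    def __init__(self, privacy_policy_db: dict, user_info_db: dict):
        # privacy_policy_db: user_id -> {attribute -> policy}; one policy per data item (assumption)
        self.privacy_policy_db = privacy_policy_db
        self.user_info_db = user_info_db

    def handle_request(self, request_message: dict) -> dict:
        user_id = request_message["user_id"]
        user_policies = self.privacy_policy_db.get(user_id)
        if user_policies is None:
            return {"permit": False, "reason": "unknown user", "details": []}
        details = []
        for attribute in request_message["attributes"]:
            policy = user_policies.get(attribute)
            if policy is None:
                details.append(f"{attribute}: no privacy policy stored, not released")
                continue
            details.extend(f"{attribute}: {v}" for v in compare_policies(policy, request_message["privacy_policy"]))
        if details:
            return {"permit": False, "reason": NON_PERMIT_REASON, "details": details}  # S70
        info = self.user_info_db.get(user_id, {})
        released = {a: info[a] for a in request_message["attributes"] if a in info}
        return {"permit": True, "user_info": released}  # S50


# Constructed sample data: one user, two data items with different policies.
SAMPLE_POLICY_DB = {
    "alice": {
        "email": {"use_subject": 2, "use_purpose": 3, "use_period": 4},
        "home_address": {"use_subject": 1, "use_purpose": 1, "use_period": 2, "obligation": 1},
    }
}
SAMPLE_USER_INFO_DB = {"alice": {"email": "alice@example.invalid", "home_address": "1 Sample St"}}


def demo() -> dict:
    """A strict consumer policy is permitted; a looser one is refused with reasons."""
    ap = AttributeProviderServer(SAMPLE_POLICY_DB, SAMPLE_USER_INFO_DB)
    strict = build_request_message("alice", ["email", "home_address"],
                                   {"use_subject": "A", "use_purpose": 1, "use_period": 1, "obligation": 1})
    loose = build_request_message("alice", ["home_address"],
                                  {"use_subject": "B", "use_purpose": 2, "use_period": 2})
    return {"strict": ap.handle_request(strict), "loose": ap.handle_request(loose)}


if __name__ == "__main__":
    for name, response in demo().items():
        print(name, response)
```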

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Human Resources & Organizations (AREA)
  • Operations Research (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Data Mining & Analysis (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention concerns a request module that creates a user information request message and a communication module that transmits this message to an attribute provider server, the user information request message having a privacy policy that represents at least one term concerning the use subjects, the use purposes, and the use periods by means of a grade. With this invention, the representation of the privacy policy can be simplified and the comparison of policies conveniently processed.

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/746,498 US20100281514A1 (en) 2007-12-05 2008-12-03 System for managing identity with privacy policy using number and method thereof

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR10-2007-0125439 2007-12-05
KR20070125439 2007-12-05
KR1020080108911A KR101086452B1 (ko) 2007-12-05 2008-11-04 Identity management system having a grade-based privacy policy and method thereof
KR10-2008-0108911 2008-11-04

Publications (2)

Publication Number Publication Date
WO2009072801A2 true WO2009072801A2 (fr) 2009-06-11
WO2009072801A3 WO2009072801A3 (fr) 2009-08-06

Family

ID=40718345

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2008/007130 Ceased WO2009072801A2 (fr) 2007-12-05 2008-12-03 System for managing identity with privacy policy using a number and method thereof

Country Status (1)

Country Link
WO (1) WO2009072801A2 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011127985A1 (fr) * 2010-04-16 2011-10-20 Nokia Siemens Networks Oy Virtual identities
EP4575865A1 (fr) * 2023-12-22 2025-06-25 INTEL Corporation Concept for an attestation recommendation service

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7162640B2 (en) * 2003-03-11 2007-01-09 Microsoft Corporation System and method for protecting identity information
EP1774744A2 (fr) * 2004-07-09 2007-04-18 Matsushita Electric Industrial Co., Ltd. System and method for managing user authentication and service authorization requiring single sign-on to access multiple network interfaces
KR100670826B1 (ko) * 2005-12-10 2007-01-19 Electronics and Telecommunications Research Institute Method and apparatus for protecting personal information on the Internet
KR100670832B1 (ko) * 2005-12-12 2007-01-19 Electronics and Telecommunications Research Institute Method and apparatus for transmitting and receiving user personal information using an agent

Also Published As

Publication number Publication date
WO2009072801A3 (fr) 2009-08-06

Similar Documents

Publication Publication Date Title
JP6920703B2 (ja) Access device
US9311679B2 (en) Enterprise social media management platform with single sign-on
CA3099355C (fr) System and method for providing customized response messages based on the requested website
US8205790B2 (en) System and methods for customer-managed device-based authentication
US20030088520A1 (en) System, method, and business methods for enforcing privacy preferences on personal-data exchanges across a network
US20100281514A1 (en) System for managing identity with privacy policy using number and method thereof
US20120311663A1 (en) Identity management
US9122858B2 (en) Accessing multiple client domains using a single application
US20040073668A1 (en) Policy delegation for access control
AU2013295701A1 (en) Method and system for secure authentication and information sharing and analysis
US11983284B2 (en) Consent management methods
Carminati et al. Trust and share: Trusted information sharing in online social networks
JP2016148919A (ja) User attribute information management system and user attribute information management method
WO2009072801A2 (fr) System for managing identity with privacy policy using a number and method thereof
WO2009066858A1 (fr) Personal information management apparatus and personal information management method
US20120240210A1 (en) Service access control
US20180189465A1 (en) Message providing and assessment system
Kim et al. A study on policy-based access control model in SNS
JP2017182134A (ja) Login management system, login management method, and login management program
US20250348571A1 (en) Device and Method for Providing Customizable Secure Access to a Computer System
US9769108B1 (en) System and method for securing information provided via a social network application
KR100848321B1 (ko) Method and apparatus for controlling the distribution of personal information between privacy domains
JP5551114B2 (ja) Attribute information disclosure control system, attribute information disclosure control method, information holding server, and attribute information disclosure control program
Olzak Unified identity management
JP2006190144A (ja) Terminal device, ASP server, and ASP service system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08856083

Country of ref document: EP

Kind code of ref document: A2

WWE Wipo information: entry into national phase

Ref document number: 12746498

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08856083

Country of ref document: EP

Kind code of ref document: A2