Personal Information Management in a Ubiquitous Computing Environment Institute of Systems & Information Technologies/KYUSHU Kenichi Takahashi

Introduction Popularization of mobile technologies e.g. cellular phone, wireless LAN HotSpot services Airport, food shop, etc... Ubiquitous Computing System

Ubiquitous Computing Environment Anywhere, Anytime and Anyone TV Radio PC Tel

To realize ubiquitous computing environment Service-use mechanism Each service has a protocol for it use Protection of private information Necessary to protect private information while keeping usability

How to deal with private information in the yahoo

Private Policy in the yahoo

P3P and EPAL P3P （ The Platform for Privacy Preference ）， EPAL （ The Enterprise Privacy Authorization Language ） What purpose does a collector collect it for? How does a collector operate it? Machines are able to interpret private policies automatically Private Information Collector Privacy Policy Private Information Preference compare

But... Users must still believe privacy policies indicated from a collector Necessary to protect private information by user ’ s self Users must be able to control a way that collectors use user ’ s private information Necessary to correspond to various services

Our Proposal Model Each User and service provider are defined as a agent Each agent has the Public Zone and Private Zone Public Zone provides a mechanism for corresponding to various services Private Zone provides a mechanism for protecting private information by myself

Basic idea on the Public Zone For corresponding to various services The service = Client Program ＋ Service Program Client Program is executed by users Service Program is executed by service providers User Public Zone Service Provider Service Program Client Program Client Program pair get communicate Private Resources Private Zone Security Barrier Check the access What information? What purpose? How operate? :

What information? What purpose? How operate? : Basic idea on the Private Zone Check the access from the Public Zone Monitor the communication with other agents Push a program for dealing with private information User Public Zone Private Zone Security Barrier Client Program Private Resources Check by Permission Accessed Table regist Service Provider Check by Partner and Method Service Program Private Policy regist Client Program push communicate

The Private Policy Permission What information access does agent allow a program to access to What purpose does agent allow to access for Partner Who does agent allow a program to communicate with Method What operations using it are allowed

Conclusion The Public and Private Zone model Proposed basic ideas Public Zone: correspond to various services Private Zone: manage information by user ’ s self A lot of future work are remained!

Future Works How to create a pushed program → by combination of some components Protection of a program from illegal rewriting → mobile cryptography, program obfuscation Verification of whether a program returns a correct result or not → verify a program after result returned Refusal of malicious programs

The Overview of our Model Public Zone Private Zone Protect private information Manage services for providing to other agent Services Private information forbid Agent Access to the service Agent Security Barrier