No reliable method currently exists to safeguard the privacy of private information. Privacy policies are insufficient, as compliance cannot be enforced automatically. In this paper we propose a model to improve the control the owner of private information has over its protection. This is achieved by classifying private information based on the purpose it is acquired for, and then designing methods to protect each class of private information. Private information is then encrypted using homomorphic functions where such information is only required for validation. The validation can then be performed without divulging the actual private information. In cases where private information is required for other usages, a system based on Kerberos and trusted third parties is used in order to maintain as much control over private information as possible.

Keywords: Privacy, access control, encryption

Computing Review Categories: K.4.1, E.3, K.6.5

Frans A. Lategan, Martin S. Olivier