UJDigispace Repository

Enforcing Privacy on the Internet.

Show simple item record

dc.contributor.author Lategan, Frans Adriaan
dc.date.accessioned 2008-06-02T10:16:50Z
dc.date.available 2008-06-02T10:16:50Z
dc.date.issued 2008-06-02T10:16:50Z
dc.date.submitted 2002
dc.identifier.uri http://hdl.handle.net/10210/495
dc.description.abstract Privacy of information is becoming more and more important as we start trusting unknown computers, servers and organisations with more and more of our personal information. We distribute our private information on an ever-increasing number of computers daily, and we effectively give target organisations carte blanche to do what they want with our private information once they have collected it. We have only their privacy policy as a possible safeguard against misuse of our private information. Thus far, no reliable and practical method to enforce privacy has been discovered. In this thesis we look at ways to enforce the privacy of information. In order to do this, we first present a classification of private information based on the purpose it is acquired for. This will then enable us to tailor protection methods in such a way that the purpose the information is acquired for can still be fulfilled. We propose three distinct methods to protect such information. The first method, that of nondisclosure, is where private information is required not for the contents, but as input to verify calculations. We shall present an encryption method to protect private information where the private information consists of a set of numeric values S on which some function G has to be applied and the result = G(S) has to be supplied to a target organisation. The calculation of the result must be verifiable by the target organisation, without disclosing S. The second method, that of retaining control is a method by which we can grant limited access to our private information, and thus enforce the terms of privacy policies. The final method we present is a conceptual method to extend P3P in order to add more flexibility to the decision on whether or not a given item of private information will be supplied to a target organisation by using the Chinese Wall security policy. This will enable a user to not only define rules as to which items of private information he would disclose, but also to define what collection of private information any given organisation would be able to build about him. en
dc.description.sponsorship Olivier, M.S., Prof. en
dc.language.iso en en
dc.subject internet en
dc.subject internet security en
dc.subject computer security en
dc.subject data protection en
dc.subject right of privacy en
dc.title Enforcing Privacy on the Internet. en
dc.type Thesis en


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search UJDigispace


Browse

My Account

Statistics