Privacy and e-commerce: a consumer-centric perspective

Privacy is an ancient concept, but its interpretation and application in the area of e-commerce are still new. It is increasingly widely accepted, however, that by giving precedence to consumer privacy bigger benefits can be reaped by all parties involved. There has been much investigation into the concept of privacy, legal frameworks for protecting this most impalpable of human values and, more recently, computing technologies that help preserve an individual’s privacy in today’s environment. In this paper we review the historical development of this fundamental concept, discussing how advancements both in society and in technology have challenged the right to privacy, and we survey the existing computing technologies that promote consumer privacy in e-commerce. Our study shows that historically the protection of privacy has been driven primarily both by our understanding of privacy and by the advancement of technology, analyses the limitations of privacy protections for current e-commerce applications, and identifies directions for the future development of successful privacy enhancing technologies.     

Managing privacy boundaries together: Exploring individual and group privacy management strategies in Facebook

Most research on privacy management within the context of social network sites (SNSs) treats users as individual owners of private information. Privacy, however, is beyond individual control and is also managed on a group level. This study applies the Communication Privacy Management theory (CPM) to explore the individual and group privacy management strategies in Facebook. We present a survey completed by 900 members of a youth organization regarding their online behaviors and membership. We found that women are more likely to employ individual privacy management strategies, while men are more likely to employ group privacy management strategies. For group privacy management, we found common bond and the role an individual is attributed within the youth organization to be the strongest predictors. The results generated from this study are a first but important step to illustrate the differences and similarities between individual and group privacy management. We argue that it is necessary to further study and understand group privacy to better approach users’ privacy needs.     

XML security - A comparative literature review

Since the turn of the millenium, working groups of the W3C have been concentrating on the development of XML-based security standards, which are paraphrased as XML security. XML security consists of three recommendations: XML (digital) signature, XML encryption and XML key management specification (XKMS), all of them published by the W3C.By means of a review of the available literature the authors draw several conclusions about the status quo of XML security. Furthermore, the current state and focuses of research as well as the existing challenges are derived. Trends to different application areas - e.g. use of XML security for mobile computing - are also outlined. Based on this information the analyzed results are discussed and a future outlook is predicted.     

Privacy-aware collection of aggregate spatial data

Privacy concerns can be a major barrier to collecting aggregate data from the public. Recent research proposes negative surveys that collect negative data, which is complementary to the true data. This opens a new direction for privacy-aware data collection. However, the existing approach cannot avoid certain errors when applied to many spatial data collection tasks. The errors can make the data unusable in many real scenarios. We propose Gaussian negative surveys. We modulate data collection based on Gaussian distribution. The collected data can be used to compute accurate spatial distribution of participants and can be used to accurately answer range aggregate queries. Our approach avoids the errors that can occur with the existing approach. Our experiments show that we achieve an excellent balance between privacy and accuracy.     

Affect,cognition and reward: Predictors of privacy protection online

This article examined the interplay between cognition and affect in Internet uses for privacy control. A survey of a national sample was conducted to empirically test the relationship between affective concern for and cognitive knowledge of information privacy online. We also tested for the interactive role of reward-seeking as a moderator among these relationships. Findings revealed that concern did not directly play a meaningful role in guiding users’ protective behavior, whereas knowledge was found significant in moderating the role of concern. The interactive role of reward-seeking seems particularly salient in shaping the structure of the relationships. These findings suggest that the intersections between knowledge, reward, and concern can play out differently, depending on the levels of each. Policy implications in relation to users’ cognitive, affective, and reward-seeking rationalities are offered, and future research considerations are discussed.     

A survey of palmprint recognition

Palmprint recognition has been investigated over 10 years. During this period, many different problems related to palmprint recognition have been addressed. This paper provides an overview of current palmprint research, describing in particular capture devices, preprocessing, verification algorithms, palmprint-related fusion, algorithms especially designed for real-time palmprint identification in large databases and measures for protecting palmprint systems and users’ privacy. Finally, some suggestion is offered.     

Information based data anonymization for classification utility

Anonymization is a practical approach to protect privacy in data. The major objective of privacy preserving data publishing is to protect private information in data whereas data is still useful for some intended applications, such as building classification models. In this paper, we argue that data generalization in anonymization should be determined by the classification capability of data rather than the privacy requirement. We make use of mutual information for measuring classification capability for generalization, and propose two k-anonymity algorithms to produce anonymized tables for building accurate classification models. The algorithms generalize attributes to maximize the classification capability, and then suppress values by a privacy requirement k (IACk) or distributional constraints (IACc). Experimental results show that algorithm IACk supports more accurate classification models and is faster than a benchmark utility-aware data anonymization algorithm.     

腾讯与360大战再次引发对个人信息保护的思考

本文从腾讯与360之间引发的"3Q大战"之争出发,论述了个人信息保护的必要性,并对国家相关政府机构和第三方测评机构在个人信息保护中应发挥的作用提出了建议。     

Improvement of the RFID authentication scheme based on quadratic residues

RFID, with its capability of remote automatic identification, is taking the place of barcodes and becoming the new generation of electronic tags. However, information transmitted through the air is vulnerable to eavesdropping, interception, or modification due to its radio transmission nature; the prevalence of RFID has greatly increased security and privacy concerns. In 2008, Chen et al. proposed an RFID authentication scheme which can enhance security and privacy by using hash functions and quadratic residues. However, their scheme was found to be vulnerable to impersonation attacks. This study further demonstrates that their scheme does not provide location privacy and suffers from replay attacks. An improved scheme is also proposed which can prevent possible attacks and be applied in environments requiring a high level of security.     

Evaluation of inter-organizational business process solutions: A conceptual model-based approach

Collaboration and coordination between organizations are necessary in today’s business environment, and are enabled by inter-organizational processes. Many approaches for the construction of such processes have been proposed in recent years. However, due to the lack of standard terminology it is hard to evaluate and select a solution that fits a specific business scenario. The paper proposes a conceptual model which depicts the nature of interaction between organizations through business processes under specific business requirements that emphasize the privacy and autonomy of the participating organizations. The model is generic, and relies on the generic process model (GPM) framework and on Bunge’s ontology. Being generic and theory-based, we propose to use the model as a basis for comparing and evaluating design and implementation-level approaches for inter-organizational processes. We demonstrate the evaluation procedure by applying it to three existing approaches.