A Customer-Centric Privacy Protection Framework for Mobile Service-Oriented Architectures

Mobile companions such as smart phones and PDAs carry a lot of sensitive data about their owners. With new services aimed at providing more targeted information retrieval through increased interactions with these devices, privacy concerns of individuals must be addressed. Existing mobile service computing solutions give users little control over the release of this information. In this paper, we present a privacy-aware information brokerage framework called MUPPET that incorporates three novel techniques to give users control over the release of their data. First, it introduces operation-focused access control, a purpose-based access control model that supports flexible and fine-grain policies using typed operation labels. Second, MUPPET includes a purpose detector that has a number of techniques to detect the active purpose in a pervasive environment. Third, our system allows reward-driven information exchange, a protocol for explicit communication and negotiation of justifications and rewards supporting tunable privacy policies based on ongoing evaluation of the information exchange. To validate our design, the MUPPET prototype has been integrated with a personalized coupon offering application for two different service providers in an experimental retail kiosk setting.