Subject-Wise Policy Based Access Control Mechanism for Protection of Personal Information

These days, personal information privacy and security is getting an important issue. In various commercial and other application cases, because of convenience and efficiency, personal information is always stored and used by organizations and companies systems. These information have different sensitivity level of privacy among each subject. Usually, the organizations and companies protect the information in a simply way, regarding all the information as the same level. For seeking a more reasonable and flexible resolvable way, in this paper, we propose a policy-based access control mechanism which strictly verifies accessing users so that to ensure the privacy and security of personal information. In our proposed mechanism, information subjects establish their own access control policy for the sensitive personal information, and the individuals´ personal information stored in the database of organizations and companies is encrypted with different keys. By this way, we can easily control the access of information users according to personal and organizational privacy policy.