Avoiding privacy violations caused by context-sensitive services

The increasing availability of information about people´s context makes it possible to deploy context-sensitive services, where access to resources provided or managed by a service is limited depending on a person´s context. For example, a location-based service can require an individual to be at a particular location in order to let the individual use a printer or learn her friends´ location. However, constraining access to a resource based on confidential information about a person´s context could result in privacy violations. For instance, if access is constrained based on a person´s location, granting or rejecting access will provide information about this person´s location and could violate the person´s privacy. We introduce an access-control algorithm that avoids privacy violations caused by context-sensitive services. Our algorithm exploits the concepts of access-rights graphs, which represent all the information that needs to be collected in order to make a context-sensitive access decision. Moreover, we introduce hidden constraints, which keep some of this information secret and thus allow for more flexible access control. We present a distributed, certificate-based access-control architecture for context-sensitive services that avoids privacy violations, a sample implementation, and a performance evaluation