- 學位論文
以P3P為基礎之個人化資訊隱私權協議
P3P based Customized Information Privacy Contract
摘要
電子化服務的發展為我們的生活帶來了便利性,但個人資訊在網路上傳遞卻可能造成使用者隱私的威脅,故服務提供者對於使用者私密資訊的保護將影響人們使用電子化服務的意願。目前服務提供者皆會在網站上宣告隱私權政策,然而服務端所制訂的政策未必能夠滿足不同使用者的隱私需求,若能提供「個人化」的隱私協議,將更能獲得使用者的信任。由服務提供者與使用者進行協商以制訂個人化隱私協議是目前文獻中提出的方式。但協商的進行仍有不足之處,本研究加以分析,並提出了透過第三方依雙方隱私偏好的資訊公平仲裁出最佳的協議以改善協商的不足。此機制優點包括(1)減少時間與網路成本,增加協議產生的效率、(2)媒合失敗時,能夠提出最佳協議的內容,由使用者選擇是否接受、(3)遞增性的修改使用者隱私偏好以臻完善。本論文基於W3C所訂定的P3P及APPEL標準實做第三方的雛型系統以模擬資訊隱私協議的仲裁過程。未來服務提供者若能增加隱私權政策制訂上的彈性,應用本研究設計將能有效訂定出個人化的隱私協議。
並列摘要
Widespread increasing of using e-services brought convenience into our life. However, most online users concerned with the privacy invasion risk associated with revealing personal information without clear understanding of how this information is handled. Now the service provider declares his privacy policy on the web site, yet that can not necessarily satisfy all users’ privacy preference. Customized privacy contract is needed. Automated negotiation by the service provider’s and users’ agents is addressed to achieve this goal, but it’s not perfect way. Our research analyzes the shortages of negotiation and proposes a mechanism that the privacy contract is arbitrated by a trustworthy third party based on users’ privacy preference and services’ privacy descriptions. The advantage of this design includes (1) the decrease of time and the bandwidth cost, and the efficient creation of the privacy contract, (2) while users’ privacy preference and services’ privacy policies match fail, the third party propose the most suitable privacy contract to inquire users, (3) improve users’ privacy preference incrementally. We implement a prototype based on P3P and APPEL standard for running the arbitration process, and we expect the flexibility of making privacy contract provided by service providers in the future.