Privacy And Policy

An important problem in public clouds is how to selectively share documents based on fine-grained attribute-based access control policies (ACPs). One approach is to encrypt documents satisfying different policies with different keys using a public key cryptosystem such as attribute-based encryption and/or proxy re-encryption. However, such an approach has some weaknesses: it cannot efficiently handle adding/revoking users or identity attributes, or policy changes; it requires keeping multiple encrypted copies of the same documents; and it incurs high computational costs. A direct application of a symmetric key cryptosystem, where users are grouped based on the policies they satisfy and unique keys are assigned to each group, has similar weaknesses. We observe that, without utilizing public key cryptography and by allowing users to dynamically derive the symmetric keys at the time of decryption, one can address the above weaknesses. Based on this idea, we formalize a new key management scheme, called broadcast group key management (BGKM), and then give a secure construction of a BGKM scheme called ACV-BGKM. The idea is to give some secrets to users based on the identity attributes they have and later allow them to derive actual symmetric keys based on their secrets and some public information. A key advantage of the BGKM scheme is that adding users, revoking users, or updating ACPs can be performed efficiently by updating only some public information. Using our BGKM construct, we propose an efficient approach for fine-grained encryption-based access control for documents stored in untrusted cloud file storage.

Personalized radio-frequency identification (RFID) tags can be exploited to infringe on privacy even when not directly carrying private information, as the unique tag data can be read and aggregated to identify individuals, analyze their preferences, and track their location. This is a particularly serious problem because such data collection is not limited to large enterprises and governments, but is within reach of individuals. In this paper, we describe the security analysis and implementation leveraging a globally networked mobile RFID service. We propose a secure mobile RFID service framework leveraging mobile networking. Here we describe the proposed framework and show that it is secure against known attacks. The framework provides a means for safe use of mobile phone-based RFID services by providing security to personalized RFID tags.

Applicable law

The Information Technology (Amendment) Act, 2008 made significant changes to the Information Technology Act, 2000, introducing Section 43A. This section provides compensation in the case where a body corporate that possesses, deals or handles any sensitive personal data or information in a computer resource that it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person. In 2011, the Government of India prescribed the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011[32] by publishing it in the Official Gazette.[33] These rules require a body corporate to provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information.[34] Such a privacy policy should consist of the following information in accordance with the rules:

  • Clear and easily accessible statements of its practices and policies;
  • Type of personal or sensitive personal data or information collected;
  • Purpose of collection and usage of such information;
  • Disclosure of information including sensitive personal data or information;
  • Reasonable security practices and procedures.

The privacy policy should be published on the website of the body corporate, and be made available for view by providers of information who have provided personal information under lawful contract.
