Privacy conscious architecture for personal information transfer from a personal trusted device to an HTTP based service

Pekka Jäppinen, Mika Yrjölä, Jari Porras


Modern services request personal information from their customers. The personal information is needed not only for identifying the customer but also for customising the service for each customer. In this paper we first analyse the existing approaches for personal information handling and point out their weaknesses. We describe an architecture for the delivery of personal information from the customer to an HTTP based service in the Internet. For storing personal information our architecture relies on a mobile device, such as a customer’s mobile phone. The service is accessed with a traditional desktop computer. The information is transmitted to the service on request via the desktop computer, which fetches the information from the mobile device over a wireless link. The goal of our approach is to simplify the use of services by helping the customer to provide the required personal information. Furthermore, our approach is designed so that existing services require only minor changes. We introduce methods for the customer to control his own privacy by providing notation to define the required security measures for automated data transfer. Finally we discuss the possible security risks of our architecture.


personal information, usability, Internet service, personal trusted device, privacy, service, Bluetooth




Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.