While reading papers and thinking about how the ideas described in them could be applied to my thesis, I decided it would probably be best to split the communication into two groups. By splitting it up, a different approach can be taken for each group (see part 1).
A first draft of possible ways to implement the security/privacy in the context scenario I will be developing is also given in part 2.
1. Types of communication
1.1 The wireless/bluetooth communication
This is the type of communication that technically happens “unnoticed”. The user doesn’t explicitly know that his portable device is communicating with the environment. This type of communication happens, for example, when the user enters the waiting room in the hospital or the doctor’s cabinet.
Identification is very important here, since the portable device will exchange information with a completely “external”, possibly unknown, system.
This kind of communication will probably be secured by using certificates (since most portable devices support these) and Quality of Context (as described in the previous post): the user’s location, the freshness of the information the device gets/gives, and the granularity of the information (name, address, medical history…).
1.2 Communication based on messages
By messages I mean emails, text messages, etc. This communication will not be “unnoticed” by the user, since he/she can technically answer these messages himself. The portable device only offers the feature of doing this for the user in specific situations (e.g. the user is in a club and will probably not hear the phone, or he is driving and cannot answer right away) and for specific messages (e.g. when somebody asks the user where he is or what he is doing).
Certificates don’t seem necessary here, since the user probably has a certain level of trust in the person who sent the message. We also assume that it’s not very likely that someone would “impersonate” anybody else (e.g. a malicious person using your friend’s cellphone to send you a message).
Because of this, it is probably better to base the security on knowledge gathered from social networks and rules (knowing whether person X is a friend, a family member or a colleague) and apply Quality of Context to it (change the granularity of the information according to who is asking it).
2. Which information do we give to whom?
To know which information we give to whom, I will need to make groups of “people” and groups of “information”. Groups of “people” can be hierarchical or not, but will tell the system which level of private information can be given to which group of “people”.
Groups of “information” will categorize all the information that can be shared, based on its level of privacy. The system can let the user decide which type of information has which level. Another option would be to let the system infer which information belongs to which level: for example, if you only tell friends where you are, the system can learn this without requiring user input.
To give a more detailed example, the system could give a maximum of 5 points of information to a “friend”. Information could then be classified as follows: your name counts as 1 point, the town you are in counts for 3 points, and the address you are at counts for 8. Whether you’re available counts for 1 point, whereas the fact that you’re in the hospital counts for 10.
This means a friend could be told your name, which town you are in and what you are doing (1 + 3 + 1 = 5 points). They will not be told which address you’re at, since the total of points would then exceed the 5 points they are allowed to get.
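A small illustration of this point-budget scheme, added here as an example and not code from the thesis. The costs for name, town, address, availability and hospital and the friend budget of 5 come from the post; the other group names and budgets, and the rule that items are considered in the order they are requested, are assumptions.

```python
from typing import Dict, List, Tuple

# Constructed policy. Costs below are the ones from the post; the group
# budgets other than "friend" are assumed values for illustration.
INFO_COST: Dict[str, int] = {
    "name": 1,
    "town": 3,
    "address": 8,
    "available": 1,
    "in_hospital": 10,
}

# Points a group of "people" may receive per request (assumed except "friend").
GROUP_BUDGET: Dict[str, int] = {
    "stranger": 0,
    "colleague": 2,
    "friend": 5,
    "family": 20,
}


def disclose(requested: List[str], group: str) -> Tuple[List[str], List[str]]:
    """Return (shared, withheld) for a request made by a member of `group`.

    Items are examined in request order; an item is shared only if the
    running total of points stays within the group's budget. Unknown
    groups get a budget of 0 and unknown items are never shared, so the
    filter fails closed.
    """
    budget = GROUP_BUDGET.get(group, 0)
    spent = 0
    shared: List[str] = []
    withheld: List[str] = []
    for item in requested:
        cost = INFO_COST.get(item)
        if cost is not None and spent + cost <= budget:
            shared.append(item)
            spent += cost
        else:
            withheld.append(item)
    return shared, withheld


if __name__ == "__main__":
    req = ["name", "town", "available", "address"]
    print(disclose(req, "friend"))   # (['name', 'town', 'available'], ['address'])
    print(disclose(req, "family"))
    print(disclose(["in_hospital"], "colleague"))
```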