Catálogo de publicaciones - libros

Digital rights management (DRM) interoperability is becoming a necessity due to the wide variety of content protection systems. DRM interoperability problems occur on three system layers: protected content, licenses, and trust and key management. Solutions for DRM interoperability can be based on format and platform interoperability. Furthermore, three interoperability case studies are discussed: DVB, Coral, and MPEG-IPMP(X), highlighting three typical DRM interoperability solutions.

Privacy is becoming a serious concern in the connected world. This chapter presents privacy issues, requirements and privacy protection concepts related to consumers’ private content. First, privacy issues and requirements are described by means of several scenarios. Then, a DRM approach for protecting ownership and controlled sharing of private content is presented. A system is introduced for realizing such a privacy-enhancing approach for home media centers. Particular solutions for protecting and sharing personal content, ownership management, and content deletion in a privacy-preserving way are described.

This chapter addresses privacy issues in DRM systems. These systems provide a means of protecting digital content, but may violate the privacy of users in that the content they purchase and their actions in the system can be linked to specific users. The chapter proposes a privacy-preserving DRM system in which users interact with the system in a pseudonymous way, while preserving all the security requirements of usual DRM systems. To achieve this goal, a set of protocols and methods is proposed for managing user identities and interactions with the basic system during the acquisition and consumption of digital content. Privacy-enhancing extensions are also proposed. Unlinkable purchase of content, which prevents content providers from linking all content purchased by a given user, is discussed. Moreover, a method that allows a user to transfer content rights to another user without the two users being linked by the content provider is provided.

Ambient intelligence (AmI) is a novel concept for embedded computing that builds on the large-scale integration of electronic devices into peoples’ surroundings and the ubiquitous availability of digital information to the users of such environments. The concept however is not only concerned with the integration of computing in the background but, as a direct result of the disappearing computer and the corresponding interaction technologies, it calls for novel means of control that support the natural and intelligent use of such smart environments, emphasizing predominantly social aspects. As the familiar box-like devices are replaced by hidden functions embedded in the surroundings, the classical meaning and implication of security and trust needs to be revisited in the context of ambient intelligence. In this chapter, we briefly revisit the foundations of the AmI vision by addressing the role of AmIware, which refers to the basic and enabling AmI technologies, and by presenting some basic definitions of ambient intelligence. Next we discuss the meaning and role of persuasion on the basis of models and theories for motivation originating from cognitive science. Notions such as compliance and ambient journaling are used to develop an understanding of the concept of ambient persuasion. We also address the ethics of ambient intelligence from the point of view of a number of critical factors such as trust and faith, crossing boundaries, and changing realities. The chapter concludes with a summary of findings and some final remarks.

Privacy is a prime concern in today’s information society. To protect the privacy of individuals, enterprises must follow certain privacy practices while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website, processes it inside the enterprise and shares it with partner enterprises. In particular, we analyse three different privacy systems that can be used in the different stages of this lifecycle. One of them is the audit logic, recently introduced, which can be used to keep data private while travelling across enterprise boundaries. We conclude with an analysis of the features and shortcomings of these systems.

The semantic Web aims to enable sophisticated and autonomic machine-to-machine interactions without human intervention, by providing machines not only with data but also with its meaning (semantics). In this setting, traditional security mechanisms are not suitable anymore. For example, identity-based access control assumes that parties are known in advance. Then, a machine first determines the identity of the requester in order to either grant or deny access, depending on its associated information (e.g., by looking up its set of permissions). In the semantic Web, any two strangers can interact with each other automatically and therefore this assumption does not hold. Hence, a semantically enriched process is required in order to regulate automatic access to sensitive information. Policy-based access control provides sophisticated means to support the protection of sensitive resources and information disclosure. This chapter provides an introduction to policy-based security and privacy protection by analyzing several existing policy languages. Furthermore, it shows how these languages can be used in a number of semantic Web scenarios.

Biometrics is a convenient way to identify and authenticate individuals in an ambient world. This can only be done if biometric reference information is stored in the biometric system. Storing biometric reference information without any precautions will lead to privacy and security problems. In this chapter, we present technological means to protect the biometric information stored in biometric systems (biometric template protection). After describing the most important methods that can be used for template protection, the most promising method based on techniques from the field of secure key extraction will be described in more detail and example implementations will be given for every stage of the template protection process.

Radio-frequency identification (RFID) technology has become one of the most hotly debated ubiquitous computing technologies, and public fears of its alleged capability for comprehensive surveillance have prompted a flurry of research trying to alleviate such concerns. The following chapter aims at introducing and briefly evaluating the range of proposed technical RFID privacy solutions. It also attempts to put the problem of RFID privacy into the larger perspective of both applications and policy, in order to properly assess the feasibility of the discussed solutions.

Malware (malicious software) is rampant in our information technology infrastructures and is likely to be so for the foreseeable future. We will look at various types of malware and their characteristics and see what defenses currently exist to combat them. Various aspects of ubiquitous computing will likely prove game-changers for malware and we will look into how the problem will evolve as ubiquitous computing (UbiComp) is deployed.