A Unified User Consent Acquisition and Delivery Mechanism for Multi-Source User Data Integrated Service

Abstract

Internet service providers have usually collected and maintained user data necessary for their services. Recently, many SP (service provider)s supply users with integrated services which combine existent user data of other service providers. When UdP(User Data Provider) provides SP with user data, it should acquire user consent to preserve user privacy and to avoid future responsibility. However, UdP has not direct session with user, so it is very difficult that the UdP acquires user consent directly from the user. In addition, if user may give its consent base on individual UdP, this may be inconvenient for user. In this paper, we propose a unified user consent acquisition and delivery mechanism for multi-source user data integrated service. We introduce DA(delegation authority) for user consent acquisition and delivery. DA acquires user consent to UdP's data providing from user and generates an ELA(electronic letter of authorization) from user consent information, and sends it to SP. SP sends the ELA with user data request to UdPs, which use the ELA for deciding whether to provide user data. We design ELA scheme, message protocols and other components such as bindings, metadata and identifier. The proposed mechanism enables user to control explicitly its own data flow and to give its consent to all SP service-related UdPs only for one interaction.