Personal Profile Access Control

Situation-aware service has become an important feature for e-commerce providers, since the quality of personalization affects the effectiveness of the service.

To provide a service that fits the demands of customers, e-commerce providers make use of demographic information: age, sex, occupation, hobbies, married or not, etc. Usually, each provider has a user profile database to store this data. The profiles are typically created by the customers' registration, and updated implicitly according to their actions (what they searched for or purchased, how frequently they've accesses the service, etc.), or sometimes by the customers' explicit update requests.

This approach has worked well as long as the customer's demands do not change too frequently, which is the normal situation if the service is accessed only when the customer is in a particular situation (relaxing at home, for example). In the mobile environment, however, the customers situation' are changing all the time. Therefore, their needs and desires change far more frequently than in a static environment. To provide personalized service to customers in a mobile e-business, the personal profiles should reflect the customers' dynamically changing conditions.

Moreover, this information about the varying conditions of the customers is usually stored outside of the database of the e-commerce providers. For example, information on customers' locations is currently provided by a cellular phone company. The customers' mobile device themselves also carry information on what situation the customers are in. For e-commerce providers, such distributed information is obviously more difficult to access than the data in their own database.

Yet another important issue is privacy. Customers disclose their personal information so that they can get better services, or direct rewards (discount tickets, special services, etc.) in return. However they do not want their personal information to be disclosed without their consent, nor should it be used for purposes which they have not agreed to. This is why most enterprises now establish and publish privacy policies. Once the personal information of a customer is disclosed to an e-commerce provider, the provider is responsible for treating it appropriately according to the policy and the agreement with the customer. As described above, however, personal information is distributed among various places in the mobile environment. This means that managing such a consent and disclosure process becomes more difficult for customers.

With our personal profile access manager, we can:

• Provide a simple interface to access the distributed user profile, regardless of where the profile is actually stored, so that an e-commerce provider can use a customer's profile that is dynamically changing.
• Allow the customer to control and manage the full negotiation of agreement, consent, and disclosure process of the dynamically changing personal profile.