1. Field of the Invention
This invention relates generally to communication systems that use shared information spaces, such as tuple spaces, to exchange data about users, and more particularly to a system for preserving the privacy and confidentiality of such user data.
2. Background of the Invention
As described in our co-pending patent application Ser. Nos. 10/631,789, 10/631,747 and 10/631,834, filed on the same date as this application and respectively entitled “System and Method for Facilitating Communication Using Presence and Communication Services”; “Generation of Availability Indicators from Call Control Policies for Presence Enabled Telephony System”; and “Context Aware Call Handling System”, communication systems are being developed that are characterized by the interpretation of external events to facilitate personalized and customized services. One example of such a service requires sharing awareness of a user's availability. Instead of controlling incoming calls and restricting access as traditional telephony does, this type of service attempts to engender useful communication by advertising the availability of potential collaborators. In order to do so, one or more ubiquitous sensors generate data regarding the user's location and activities and apply such data to a context engine. Awareness data (that is, raw data relating to the context of the user) is processed by the context engine to generate assertions that are then applied to a policy engine. The policy engine selects a call feature based on the user's context and policies. For example, a location service may report the user's location as the washroom, in response to which the context engine writes an ‘Out of Office’ assertion to a tuple space. In response to a call event such as “Incoming Call”, a “Forward to Voice Mail” feature is selected based on the user's context (that is, in the washroom) and policies (that is, if the user is “Out of Office”, FORWARD any “Incoming Call” to voice mail).
From the foregoing example, it is clear that presence systems operate by sharing information about users that the users may wish to keep confidential. There are many gradations of privacy, and it is anticipated that people will expect the ability to share availability information with various degrees of privacy. This leads to an expectation that the user of such a system may wish to politely decline presence requests in a manner that avoids embarrassment or political problems for the user.
A particular problem with respect to the security of presence information results from the fact that presence information has only a few values. Even strongly encrypted presence information is vulnerable, since an attacker who observes the encrypted values need not break the cipher: with only a few possible states, there are only a few possible encrypted values, and when the same state always encrypts to the same value these can usually be guessed or matched to the underlying states, for instance by observing which value is published at a moment when the user's state is already known. In addition, malicious attackers can publish presence information that would be embarrassing to the user, so the authenticity of published presence tuples matters as well as their confidentiality.
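The following is an added illustration of the guessing problem just described; it is not code from this patent or from the presence system it describes. It encrypts a constructed timeline drawn from three assumed presence states, first deterministically (fixed nonce) and then with a fresh random nonce, and shows what an observer without the key learns in each case, and that an authentication tag rejects a tampered tuple. The cipher construction (a counter mode driven by HMAC-SHA256 as the PRF, encrypt-then-MAC with separately derived keys), the key-derivation labels, the state names and the timeline are all assumptions made for the example so that it runs on the Python standard library alone; a deployment would use AES-GCM or ChaCha20-Poly1305, and the leakage shown does not depend on which cipher is chosen.

```python
"""Constructed example: a small presence vocabulary under deterministic versus
randomized authenticated encryption, seen by an observer who has no key."""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one master key (assumed labels)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream: PRF(enc_key, nonce || counter) blocks, truncated to length."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. The same (key, nonce, plaintext) always gives the same bytes."""
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def verify_and_decrypt(key: bytes, blob: bytes):
    """Return the plaintext, or None when the tag does not verify (forged or tampered tuple)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def publish(key: bytes, state: bytes, randomized: bool) -> bytes:
    """Encrypt one presence tuple. A fixed all-zero nonce models deterministic encryption."""
    nonce = os.urandom(NONCE_LEN) if randomized else bytes(NONCE_LEN)
    return encrypt(key, nonce, state)


# ---- What an observer of the tuple space sees, without the key ----------------

def distinct_ciphertexts(observed) -> int:
    """Under deterministic encryption this is just the number of presence states in use."""
    return len(set(observed))


def label_with_anchor(observed, anchor_blob: bytes, anchor_state: bytes):
    """One known pair (the tuple seen at a moment when the user's state was obvious)
    labels every other tuple carrying the same bytes; no cryptanalysis is involved."""
    return [anchor_state if blob == anchor_blob else None for blob in observed]


def tamper(blob: bytes) -> bytes:
    """Attacker flips one ciphertext byte, hoping to turn one state into another."""
    i = NONCE_LEN
    return blob[:i] + bytes([blob[i] ^ 0x01]) + blob[i + 1:]


if __name__ == "__main__":
    key = os.urandom(32)
    # Constructed timeline over three assumed states.
    timeline = [b"In Office", b"In Meeting", b"In Office", b"Out of Office", b"In Office"]
    det = [publish(key, s, randomized=False) for s in timeline]
    rnd = [publish(key, s, randomized=True) for s in timeline]
    print("deterministic: distinct ciphertexts =", distinct_ciphertexts(det))
    print("randomized:    distinct ciphertexts =", distinct_ciphertexts(rnd))
    print("labelled from one anchor:", label_with_anchor(det, det[3], b"Out of Office"))
    print("tampered tuple accepted?", verify_and_decrypt(key, tamper(rnd[0])) is not None)
```

With the fixed nonce the five published tuples collapse to three distinct byte strings, and a single known pair labels every later occurrence of that state; with a fresh nonce each tuple is unique, so the anchor labels only itself, and the tag causes any tuple not produced by a key holder to be rejected rather than decrypted.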
Although research has been undertaken on security in tuple spaces, none of it has directly addressed the problem of using tuple spaces for open presence applications.