Hierarchical Privacy CAs for Cross-Border Transfer of Personal Data

The iKaaS (intelligent Knowledge-as-a-Service) platform integrates the data on multiple local cloud
systems organically and provides the data to various types of applications as knowledge while taking
security and privacy fully into account. However, access control on the iKaaS platform is not without
complications because the application may access personal data in different countries from the one
where the application exists. Hidano et al. thus designed a security gateway that is set at the entrance
of each local cloud and controls access to the cross-border applications while interpreting regulations
related to personal data for both countries. In order to help the security gateway confirm the validity
of the application, they introduced the concept of the privacy certificate authority (CA), which is
built for each country as an executive agency responsible for the national regulations governing the
handling of personal data. In this paper, we design a hierarchical model of multiple privacy CAs
responsible for regulations where the effective areas are different. The security gateway can thereby
control the transfer of data not only to different countries, but also to different unions or cities.