• Electronics and Telecommunications Trends
• /
• v.22 no.1 s.103
• /
• pp.105-113
• /
• 2007

최근 개인정보보호법을 제정하려는 움직임으로 인해서 데이터베이스 보안 제품에 대한 관심이 국가기관뿐만 아니라 금융권, 포털사업자, ISP 등에서 급증하고 있다. 그 동안 써드 파티 업체들에 의해서 주도되어 오던 데이터베이스 보안 시장이 규모 면에서 크게 증가 추세에 있고, 이에 따라 오라클과 같은 DBMS 업체와 시만텍과 같은 메이저보안 업체들도 속속 시장에 참여하고 있다. 본 고에서는 데이터베이스 보안 기술의 개요를 살펴보고 최근 기술 개발의 동향에 대해 정리하고자 한다. 현재까지, 시장에 출시된 제품들이 성능면에서 아직 시장의 요구를 만족시키지 못하고 있기 때문에 많은 기술 개발의 가능성이 남아 있는 상태이다. 또한 검색 가능한 암호 기술과 같은 학술적인 기술의 경우 기술적인 검증 문제 또한 남아 있기 때문에 이 분야에 대한 지속적인 연구개발이 요구되는 바이다.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.5
• /
• pp.127-138
• /
• 2022

In this paper, we present FinDID (Financial Decentralized IDentity), a blockchain-based DID(Decentralized IDentity) service that can flexibly control personal information or credentials through a systematic verification method while complying with the standard service scheme of decentralized identity for the financial sector. DID is an identity management system used in a decentralized environment without a specific certification authority, and as a technology that allows users to control their own information, it can realize self-sovereignty over users' own personal information. Through FinDID, users receive credentials that authenticate their various personal information from the issuer, select only the claims required by the target financial service using their personal electronic wallet, create presentations from credentials. Then they submit it to the financial service, leading to their qualification from the service. FinDID consists of electronic wallet, credential issuer, credential storage, DID service including DID management contract and credential management contract, and financial services using this service scheme. The DID service manages each user's DID and supports all verification processes of the associated identity management scheme.

• Journal of Legislation Research
• /
• no.53
• /
• pp.419-454
• /
• 2017

Faced with the internationalization of capital markets, Korea needs to protect its investors and markets by applying the relevant laws extraterritorially. The Financial Investment Services and Capital Markets Act ("Capital Markets Act") explicitly introduced a new provision recognizing the extraterritoriality of the Act. While Article 2 of the Capital Markets Act comprehensively provides for prescriptive extraterritorial jurisdiction, the enactment of extraterritoriality alone does not guarantee that the Act will apply to cross-border transactions effectively. The effective extraterritorial application of an act is inseparable from the adjudicative and enforcement jurisdiction of the act. Specifically, active investigations and detections by the public regulators might be the first step for enforcing the Capital Markets Act. Unlike domestic regulations, however, multinational enforcement actions outside a regulator's home country becomes more problematic because of various obstacles. This Article examines difficulties which domestic regulators may confront in enforcing the Capital Markets Act extraterritorially and makes several recommendations for more effective multinational enforcement as follows. First, the Korean regulators should continue to foster cooperation through the IOSCO and provide international markets with the information and tools necessary for successful regulation of cross-border transactions. Second, the principle of dual criminality should be applied in a modified form for the effective mutual legal assistance in criminal matters. Third, there should be a legal device for the domestic regulator to freeze foreign wrongdoer's assets located outside Korea to repatriate those assets for distribution to defrauded investors in Korea.

• The KIPS Transactions:PartC
• /
• v.17C no.3
• /
• pp.223-232
• /
• 2010

Due to the advance of Internet, offline services are expanded into online services and a financial transaction company provides online services using internet baning systems. However, security problems of the internet banking systems are caused by a lack of security for developing the internet banking systems. Although the financial transaction company has applied existing internal and external standards, ISO 20022, ISO/IEC 27001, ISO/IEC 9789, ISO/IEC 9796, Common Criteria, etc., there are still vulnerabilities. Because the standards lack in a consideration of security requirements of the internet banking system. This paper is intended to explain existing standards and discusses a reason that the standards have not full assurance of security when the internet baning system is applied by single standard. Moreover we make an analysis of a security functions for the internet baning systems and then selects the security requirements. In this paper, we suggest a new protection profile of the internet baning systems using Common Criteria V.3.1 from the analysis mentioned above.

• KIPS Transactions on Software and Data Engineering
• /
• v.12 no.8
• /
• pp.333-340
• /
• 2023

Efficient prediction of corporate bankruptcy is an important part of making appropriate lending decisions for financial institutions and reducing loan default rates. In many studies, classification models using artificial intelligence technology have been used. In the financial industry, even if the performance of the new predictive models is excellent, it should be accompanied by an intuitive explanation of the basis on which the result was determined. Recently, the US, EU, and South Korea have commonly presented the right to request explanations of algorithms, so transparency in the use of AI in the financial sector must be secured. In this paper, an artificial intelligence-based interpretable classification prediction model was proposed using corporate bankruptcy data that was open to the outside world. First, data preprocessing, 5-fold cross-validation, etc. were performed, and classification performance was compared through optimization of 10 supervised learning classification models such as logistic regression, SVM, XGBoost, and LightGBM. As a result, LightGBM was confirmed as the best performance model, and SHAP, an explainable artificial intelligence technique, was applied to provide a post-explanation of the bankruptcy prediction process.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.193-196
• /
• 2010

정보화 시대를 거치면서 모든 산업분야에서 대량의 데이터가 생성되고 관리되고 있다. 최근에는 비즈니스 환경의 변화로 인하여 의사결정을 지원할 수 있는 고급 정보에 대한 필요성이 대두되었으며 IT 기술의 발전과 더불어 데이터마이닝에 대한 많은 연구가 활발히 이루어졌다. 데이터마이닝은 금융, 정부, 제조, 유통 등 다양한 분야에서 활용되고 있다. 한편 의료데이터는 다른 산업분야의 데이터와 구별되는 특징이 있는데, 데이터의 이질성과 복잡성, 부정확성과 오류가능성, 불완전성과 윤리 및 법적인 문제, 개인정보보호, 특징 선택의 제한, 모델의 투명성과 설명력에 대한 높은 요구도 등이 그것이다. 이와 같은 이유로 의료데이터에 대한 접근은 제한적일 수 밖에 없다. 그럼에도 병원 전산화를 통해 발생하는 의료데이터의 양은 기하급수적으로 증가하고 있으며, 임상정보를 포함하는 의료데이터는 데이터 자체로도 가치가 매우 크다. 이에 본 논문은 국내 제 3차 의료기관의 2년간 내원환자에 대한 진단데이터를 사용하여 데이터마이닝의 연관법칙을 이용, 상병간의 관계를 연구하고자 하였다. 이를 통해 잠재고객에게는 객관화된 의료지표를 제공하고, 의료기관은 예측 가능한 정보를 종합의료시스템에 활용하여 고객만족도를 높이는 효과를 볼 수 있을 것으로 사료된다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.181-195
• /
• 2015

Financial industries have operated internal and external network with an unified system for continual business process of customers and other organizations in the past. The financial supervising authority requires more technical and managerial protecting policy to financial industries related to the exposure as danger of external attacks or information leakage. Financial industries performed network separation into internal business and external internet networks for protecting IT assets from malware infection accessing internet or hacking attacks and prohibiting leakage of customers' personal and financial information following financial supervising authority and redefine security policy to fit on network separated-condition. In this study, effectiveness for network separation policy was examined on malware inflow and verified that malware inflow in all routes can be blocked by the policy with analyzing operration data of a financial company, estimating network separation. Result of this study proves that malware infection route by portable storages was not completely blocked even on adapting network-separated condition. As a solution for this, efficient security policy would be suggested in this paper as controlling portable storages for maximizing effectiveness of network separation.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1214-1217
• /
• 2007

대부분의 기관들은 악의적인 행위들을 포착하거나 시스템과 데이터를 보호하고 사고에 대응하기 위한 시도들을 지원하기 위해 몇 가지 형태의 네트워크 기반 보안솔루션을 사용하고 있다. 하지만 기존 네트워크 레벨 보안의 한계로 인하여 시스템 상에서 일어나는 행위를 제어하기 위한 차세대 보안솔루션으로 보안운영체제를 도입하고 있다. 최근에는 전자금융거래법 등의 세칙에 의해 정보처리 시스템 내의 정보의 유출, 변조 및 파괴 등을 보호하는 것은 물론 세부 작업 내역의 로깅에 대한 요구가 지속적으로 증가하고 있다. 이에 본 논문에서는 보안레이블에 의한 시스템 보안 강화 기술을 소개하고 강제적 접근 제어 결과에 의해 생성되는 보안 로그에 대한 구체적인 관리 전략을 제시한다.

• Journal of Korean Library and Information Science Society
• /
• v.38 no.3
• /
• pp.53-72
• /
• 2007

The Internet is now an integral part of the everyday lives of a majority of people. They are demanding web sites that offer credible information - Just as much as they want sites that are easy to navigate. But the online reality today is that few Internet users say they can trust the web sites that have products for sale or the sites that offer advice about which products and services to buy. Users want the web sites they visit to provide clear information to allow them to judge the site's credibility. Users want to know who runs the site; how to reach those people; the site's privacy policy; and how the site deals with mistakes. In the eyes of users all sites ate not equal. Users have different credibility standards for different types of sites. For news and information sites users want advertising clearly labeled as advertising. And users want the site to provide a list of the editors responsible for the site's contents, including the editor's email address. For e-commerce sites, user expectations and demands are just about as high as they can be. They say that it is very important that these sites provide specific, accurate information about the site's policies and practices.

• Review of KIISC
• /
• v.21 no.5
• /
• pp.12-20
• /
• 2011

개인정보보호법이 전면적인 법 시행을 앞두고 있고 지금까지 규제대상이 아니던 기업 종업원의 개인정보는 물론, 종이 문서형태의 개인정보까지를 규제대상으로 삼고 있어 개인정보보호 시장이 크게 확대될 것으로 전망된다. 규제범위도 정보통신, 교육, 의료, 금융 분야까지 다루고 있어서, 정부/공공기관 및 민간기업의 철저한 사전준비가 필요한 시점이다. 개인의 프라이버시 보호에 대한 이러한 발전추세에는 국내외 표준화가구를 통한 활발한 표준화작업이 밑바탕이 되고 있으며, 특히 미국, 영국, 독일, 일본, 한국 등의 나라를 중심으로 국제표준화를 활발히 추진하고 있다[1]. 표준화의 분야에는 개체의 신분확인을 위한 표준, 개인식별정보와 바이오인식 정보가 같이 사용되는 상황에서 이들의 바이오인식 프라이버시 및 보안요구조건을 위한 표준, 프라이버시 프레임워크, 프레임워크 기반 구현을 위한 프라이버시 레퍼런스 아키텍쳐 등 다양한 표준화 분야가 있다. 본 논문에서는 프라이버시 표준화를 위한 국외 표준화 동향을 소개하고, 향후 추진해야할 중점 표준화 항목을 도출한다.