• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.417-428
• /
• 2018

The intelligent video surveillance environment is a system that extracts various information about a video object and enables automated processing through the analysis of video data collected in CCTV. However, since the privacy exposure problem may occur in the process of intelligent video surveillance, it is necessary to take a security measure. Especially, video metadata has high vulnerability because it can include various personal information analyzed based on big data. In this paper, we propose a COP-Transformation scheme to protect video metadata. The proposed scheme is advantageous in that it greatly enhances the security and efficiency in processing the video metadata.

• Journal of Digital Contents Society
• /
• v.11 no.1
• /
• pp.105-115
• /
• 2010

Search engines provide web documents that are related to user's query. However, using only the query terms that user provided, it is hard for search engines to know user's exact intention and provide the very matching web documents. To remedy this problem, search systems are needed to exploit personalized search technologies. In this paper, we propose not only a novel personalized query recommendation scheme based on folksonomy but also a new personalized search service architecture which reduces the risk of privacy violation while enabling search service providers to provide other various personalized services such as personalized advertisement.

• Journal of Convergence for Information Technology
• /
• v.10 no.5
• /
• pp.16-22
• /
• 2020

In this paper, the technology and capabilities required for the job of developing security software recommended by the Cybersecurity Human Resources Development Framework of the National Initiative for Cybersecurity Education (NICE) were studied. In this paper, we describe what security skills are needed for the task of developing security software and what security capabilities should be held. The focus of this paper is to analyze the consistency between security technologies (core and specialized technologies) required for security software development tasks and the curriculum of information protection-related departments located in Seoul, Korea. The reason for this analysis is to see how the curriculum at five universities in Seoul is suitable for performing security software development tasks. In conclusion, if the five relevant departments studied are to intensively train developers of development tasks for security software, they are commonly required to train security testing and software debugging, how secure software is developed, risk management, privacy and information assurance.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.331-340
• /
• 2007

Mobile network environments are the environments where mobile devices are distributed invisible in our daily lives so that we can conventionally use mobile services at my time and place. The fact that we can work with mobile devices regardless of time and place, however, means that we are also in security threat of leaking or forging the information. In particular, without solving privacy concern, the mobile network environments which serve convenience to use, harmonized without daily lives, on the contrary, will cause a serious malfunction of establishing mobile network surveillance infrastructure. On the other hand, as the mobile devices with various sizes and figures, public key cryptography techniques requiring heavy computation are difficult to be applied to the computational constrained mobile devices. In this paper, we propose efficient PKI-based user authentication and java-based cryptography module for the privacy-preserving in mobile network environments. Proposed system is support a authentication and digital signature to minimize encrypting and decrypting operation by compounding session key and public key based on Korean standard cryptography algorithm(SEED, KCDSA, HAS160) and certificate in mobile network environment. Also, it has been found that session key distribution and user authentication is safety done on PDA.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.253-261
• /
• 2020

This study examines the technologies and application processes related to the use of pseudonym data of companies after the passage of the Data 3 Act to activate the data economy in earnest, and what companies should prepare to use pseudonym data and what will happen in the process It was intended to contribute to the elimination of uncertainty. In the future, companies will need to extend the information security management system from the perspective of the existing IT system to manage and control data privacy protection and management from a third party provisioning perspective. In addition, proper pseudonym data use control should be implemented even in the data use environment utilized by internal users. The economic effect of market change and heterogeneous data combination due to the use of pseudonymized data will be very large, and standards for appropriate non-identification measures and risk assessment criteria for data utilization and transaction activation should be prepared in a short time.

• Management & Information Systems Review
• /
• v.38 no.1
• /
• pp.23-41
• /
• 2019

Smart Factory is different from existing factory automation in that it aims to produce personalized products with minimum time and cost through ICT. However, previous researches, not from consumers but from product suppliers, have focused on technology trends and technology application methods. In order for Smart Factory to be successful, it must go beyond supplier-focus to meet the needs of consumers. In this study, we surveyed the purchase intention of the personalized product manufactured by smart factory. Influencing factors of purchase intention were drawn as consumers' need for uniqueness, innovativeness, need for touch, and privacy concern, based on previous research. As results of data analysis, it was confirmed that respondents were willing to purchase personalized products, and that consumers' need for uniqueness, innovativeness, and need for touch had a significant impact on purchase intention of personalized products. Our findings can be summarized as follows. First, Consumers' need for uniqueness was found to have positive effects(${\beta}=0.168$) on purchase intention of personalized products. The desire to differentiate themselves from others will be reflected in their personalized products. Therefore, consumers with a higher desire for uniqueness tend to be more willing to purchase personalized products. Second, consumer innovativeness was found to have positive effects(${\beta}=0.233$) on purchase intention of personalized products. Personalized shoes suggested in this study is a new type of personalized product that is manufactured by the latest information and communication technologies such as multi-function robots and 3D printing. Therefore, consumers seeking innovative new experiences are more willing to purchase personalized products. Third, need for touch was found to have positive effects(${\beta}=0.299$) on purchase intention of personalized products. In a smart factory environment, prosuming participation is given to consumers. If consumers participate in the product development process and reflect their requirements on the product, they are expected to increase their purchase intention by virtually satisfying the need for touch. Fourth, privacy concern was found to have no significantly related to purchase intention of personalized products. This is interpreted as a willingness to tolerate the risk of exposing personal information such as home address, telephone number, body size, and preference for consumers who feel highly useful in personalized products.

• Informatization Policy
• /
• v.28 no.4
• /
• pp.54-75
• /
• 2021

The right to data portability needs to be introduced to strengthen the self-control of data subjects and promote personal data use. However, the right to data portability constitutes a high risk of invasion of privacy of data subjects and may infringe on the property rights of data controllers, so careful and thorough design is warranted. The right to data portability can intensify the concentration and monopoly of personal data, result in problems of overseas transfer of personal data held by public institutions, and enrich only the profits of giant platforms by burdening the data subject with high transfer cost. By contrast, SMEs are more likely to endure a personal data deprivation. From the proposed amendment to the Personal Data Protection Act are raised various legal issues such as. i) Whether to include inferred/derived data, personal data held by public institutions, activity data, sensitive data, and personal data of third parties within the scope of data portability; ii) whether SMEs are included in the data porting organization; iii) whether to exclude SMEs or large platforms from the scope of the data receiving organization; iv) Whether to allow the right to transmit to other data controllers, v) Whether to allow the overseas transfer of personal data held by public institutions, vi) How to safely exercise the right to data portability, vii) the scope of responsibility and immunity of a data porting organization, etc. The purpose of this paper is to propose the direction for legislative action based on various legal issues related to data portability.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.4
• /
• pp.231-237
• /
• 2021

Over a decade ago, Krasnova et al. identified the factors that influence Facebook users' self-disclosure. These factors include perceived risks, relationship building, relationship maintenance, self-presentation, and enjoyment. Meanwhile, during the past 10 years, there have been significant changes in terms of function, media, and competition. SNSs have been functionally enhanced, used in mobile environment, and had many competitors. Based on these facts, it is believed that the influence of the factors on self-disclosure is different from those of Krasnova et al. The purpose of this study is to verify through a replication study whether the factors adopted in the study of Krasnova et al. are still important in explaining self-exposure. The study empirically find the result significantly different from those of Krasnova et al. Based on the result, the study provides meaningful implications and suggestions for future research.

• Journal of Digital Convergence
• /
• v.10 no.11
• /
• pp.87-92
• /
• 2012

In the early 2012, European Union proposed new legal framework, including the right to be forgotten, for the protection of personal data. The new Proposal articulates kind of sweeping new privacy right and there has been debates on its potential threat to free speech in the digital age. While the situation is similar in Korea, I want to introduce the right to be forgotten in the Proposal. Then, I will analyze current legal system in Korea regarding the new privacy right and suggest some guidelines in searching direction for the coming legislation with respect to the right to be forgotten. The right to be forgotten should not have been promulgated without considering fully its effect on the free speech, especially in the society where the voice toward direct democracy or movement toward participation of the citizen, mainly through cyber space or Social Network Services, has risen much higher in Korea. Especially, the new right seems not to cover the control of data subject on a third party where the third party expressing his opinion by posting himself other's personal data on his blog or others.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.5
• /
• pp.1009-1019
• /
• 2017

Mobile Edge Computing(MEC) is a emerging technology to cope with mobile traffic explosion and to provide a variety of services having specific requirements by means of running some functions at mobile edge nodes directly. For instance, caching function can be executed in order to offload mobile traffics, and safety services using real time video analytics can be delivered to users. So far, a myriad of methods and architectures for personalized service recommendation have been proposed, but there is no study on the subject which takes unique characteristics of mobile edge computing into account. To provide personalized services, acquiring users' context is of great significance. If the conventional personalized service model, which is server-side oriented, is applied to the mobile edge computing scheme, it may cause context isolation and privacy issues more severely. There are some advantages at mobile edge node with respect to context acquisition. Another notable characteristic at MEC scheme is that interaction between users and applications is very dynamic due to temporal relation. This paper proposes the local service recommendation platform architecture which encompasses these characteristics, and also discusses the personalized service recommendation mechanism to be able to mitigate context isolation problem and privacy issues.