• Journal of Convergence for Information Technology
• /
• v.8 no.2
• /
• pp.77-82
• /
• 2018

Recently, as cloud services become popular with general users, users' information is freely transmitted and received among the information used in the cloud environment, so security problems related to user information disclosure are occurring. we propose a method to secure personal information of multiple users by making personal information stored in the cloud server and a key for accessing the shared information so that the privacy information of the multi users using the cloud service can be prevented in advance do. The first key used in the proposed scheme is a key for accessing the user 's personal information, and is used to operate the information related to the personal information in the form of a multi - layer. The second key is the key to accessing information that is open to other users than to personal information, and is necessary to associate with other users of the cloud. The proposed scheme is constructed to anonymize personal information with multiple hash chains to process multiple kinds of information used in the cloud environment. As a result of the performance evaluation, the proposed method works by allowing third parties to safely access and process the personal information of multiple users processed by the multi - type structure, resulting in a reduction of the personal information management cost by 13.4%. The efficiency of the proposed method is 19.5% higher than that of the existing method.

• Journal of Convergence Society for SMB
• /
• v.4 no.4
• /
• pp.13-18
• /
• 2014

The usage rate of user due to advances in smartphone development is higher than the usage rate to use a PC. However, smartphone usage popularized research to protect sensitive information, such as smart phone users personal information, financial information is a small state. In this paper, we analyzed the various vulnerabilities in smartphone studies to date have been looking into the corresponding port smart consumer dispute resolution methods and criteria for smartphone security attack methods and analysis. In particular, the threat of such a network, malware, Peep attack of the security threats arising from the smartphone they can avoid or mitigate threats to minimize the smartphone security damage is done to the disclosure of personal information, such as direct damage or financial loss the analysis of that method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.347-355
• /
• 2012

A biometric hardware security module is a physical device that comes in the form of smartcard or some other USB type security token is composed with biometric sensor and microcontroller unit (MCU). These modules are designed to process key generation and electronic signature generation inside of the device (so that the security token can safely save and store confidential information, like the electronic signature generation key and the biometric sensing information). However, the existing model is not consistent that can be caused by the disclosure of an ID and password, which is used by the existing personal authentication technique based on the security token, and provide a high level of security and personal authentication techniques that can prevent any intentional misuse of a digital certificate. So, this paper presents a model that can provide high level of security by utilizing the biometric security token and Public Key Infrastructure efficiently, presenting a model for privacy preserving personal authentication that links the biometric security token and the digital certificate.

• Journal of Digital Convergence
• /
• v.10 no.2
• /
• pp.193-200
• /
• 2012

The existing EMR method placing computer servers in hospitals could expose patients' personal information to hospital officers and people for wrong purposes. In addition, if medical malpractice occurs, the possibility of distorting medical records might be higher because patients' medical records are stored in hospitals. This study provides an electronic medical record with a security system to solve patients' information disclosure. The electronic medical record system could be utilized as an important information when medical malpractice occurs. This system can provide higher security services certifying patients safely and efficiently as well as protecting patients' personal information.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.1
• /
• pp.323-342
• /
• 2021

Personal health records (PHRs) is an electronic medical system that enables patients to acquire, manage and share their health data. Nevertheless, data confidentiality and user privacy in PHRs have not been handled completely. As a fine-grained access control over health data, ciphertext-policy attribute-based encryption (CP-ABE) has an ability to guarantee data confidentiality. However, existing CP-ABE solutions for PHRs are facing some new challenges in access control, such as policy privacy disclosure and dynamic policy update. In terms of addressing these problems, we propose a privacy protection and dynamic share system (PPADS) based on CP-ABE for PHRs, which supports full policy hiding and flexible access control. In the system, attribute information of access policy is fully hidden by attribute bloom filter. Moreover, data user produces a transforming key for the PHRs Cloud to change access policy dynamically. Furthermore, relied on security analysis, PPADS is selectively secure under standard model. Finally, the performance comparisons and simulation results demonstrate that PPADS is suitable for PHRs.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.6
• /
• pp.3865-3871
• /
• 2014

The U-health service provides medical services with patients anytime or anywhere and is defined as the service that combines information and communication technology with health and medical service. However, it causes some troubles, such as the disclosure of patients' medical information or data spills (personal information extrusion). Moreover, it has the weak point of the security threats associated with data based on existing wire-wireless systems because it conducts data transmission and reception through the network. Therefore, this paper suggests a safe personal information management system by designing integrated certification schema that will help compensate for the weaknesses of the U-health service. In the proposal, the protocols for user information, certification between medical institution and users, data communication encryption & decryption, and user information disuse were designed by applying the ID-Based Encryption, and analyzed such existing systems and PKI Based-based communication process, securely and safely.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.5
• /
• pp.209-216
• /
• 2020

As depository system for negotiation or reimbursement to the victim in criminal case is reflected to consideration for diminishing punishment and hence, it is very important in the process. According to the current law, one needs to fill out victim's personal information such as name, address, and ID number for processing depository. However, if the victim is sexual violence victim, all the personal information is covered up becoming anonymous. Therefore, it becomes difficult for the accused person to get necessary information. Such covering up action is to prevent further second damage that may be caused such as threatening for the negotiation whereas victim has no willingness to forgive the accused. However, even if the accused person regrets his/her crime and make reimbursement to the victim, as they have no personal information on the victim it becomes impossible for them to make the depository. If we apply ESCROW system here it will allow victims to avoid any direct contact with the accused person as well as preventing any privacy disclosure. Also, for the accuse person, they can show how much they regret by making depository within their capability.

• Informatization Policy
• /
• v.25 no.2
• /
• pp.84-96
• /
• 2018

The right to be forgotten means the right of people to request information and communication providers to delete their information online. As the number of people asking for deletion of their past embarrassing or negative online activities is increasing, discussions are being raised on the introduction of the right to be forgotten in South Korea. However, previous research on the right to be forgotten mainly deals with the legal concept, with insufficient consideration of economic value. The main purpose of this research is to examine social perception towards the right to be forgotten and to estimate its economic value quantitatively. According to the results, there are concerns about disclosure of personal information, but with lack of awareness on the right to be forgotten. The monthly average amount that a person is willing to pay to be forgotten is 1,218 Korean won (11 US dollars) and the total economic value is estimated to be about 540 billion won (490 million dollars) per year in 2017. Especially, those who have experienced leakage of personal information put higher value to the right to be forgotten. These results can be useful for making decisions about the right to be forgotten in the future.

• Journal of Computing Science and Engineering
• /
• v.2 no.2
• /
• pp.137-160
• /
• 2008

The increasing availability of personal location data pushed by the widespread use of location-sensing technologies raises concerns with respect to the safeguard of location privacy. To address such concerns location privacy-preserving techniques are being investigated. An important area of application for such techniques is represented by Location Based Services (LBS). Many privacy-preserving techniques designed for LBS are based on the idea of forwarding to the LBS provider obfuscated locations, namely position information at low spatial resolution, in place of actual users' positions. Obfuscation techniques are generally based on the use of geometric methods. In this paper, we argue that such methods can lead to the disclosure of sensitive location information and thus to privacy leaks. We thus propose a novel method which takes into account the semantic context in which users are located. The original contribution of the paper is the introduction of a comprehensive framework consisting of a semantic-aware obfuscation model, a novel algorithm for the generation of obfuscated spaces for which we report results from an experimental evaluation and reference architecture.

• Journal of the Korea Safety Management & Science
• /
• v.12 no.2
• /
• pp.89-97
• /
• 2010

The most important concern in the internet service organizations in competitive market circumstances is to focus on formation and maintenance of continuous relationship with customers. The purpose of this study is to verify the effect of perception of the fairness - procedural fairness for recovery, interactional fairness, fairness for reward on customer's satisfaction and trust, behavior when the internet service company failed to service such as disclosure of personal information. This study aims to apply justice theories to service recovery. As a result, first, the customer's perceived justice had a significant effect on the customer satisfaction and trust in service recovery. Second, the customer's satisfaction positive effect on trust. Third, customer's satisfaction formed by service recovery had a effect on the customer's behavior such as continuous usage intention. Therefore, this study was reveal how the extent of justice perception felt by customers in the service recovery process, causes positive causation relationship which affect customer behavior intention.