• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.513-525
• /
• 2020

Until today, the personal information of subjects has been centralized in many companies or institutions. However, in recent days, the paradigm has gradually changed in the direction that subjects control their personal information and persue their self-sovereignty. Globally, individual data sovereignty is strengthened by the European Union's General Data Protection Regulation(GDPR) and the US California Consumer Privacy Act(CCPA). In Korea, a few alliances consist of various companies are creating technology research and service application cases for decentralized ID service model. In this paper, the current decentralized ID service model and its limitations are studied, and a improved decentralized ID service model that can solve them is proposed. The proposed model has a function of securely storing decentralized ID to the third party and a linkage function that can be interoperated even if different decentralized ID services are generated. In addition, a more secure and convenient model by identifying the security threats of the proposed model and deriving the security requirements, is proposed. It is expected that the decentralized ID technology will be applied not only to the proof of people but also to the device ID authentication management of the IoT in the future.

• Journal of Digital Convergence
• /
• v.10 no.4
• /
• pp.279-286
• /
• 2012

The purpose of this study was identified the influence of introducing Electronic Medical Records (EMR) on reception attitude, based on literature investigation, the study converted utility and serviceability from Davis TAM Model into awareness of effects in computerized database except attitude variable. The electronic survey for doctors, nurses, medical technicians of a general hospital located in Gangwon-do was performed for 4 weeks from Nov, 11th, 2009 to Dec, 2nd and the collected data was computerized through SPSS 12.0. The factors influencing reception attitude were divided into 4 categories; basic characteristics of the individual, awareness of privacy protection, awareness of effects in computerized database, technological preparation and measured detailed specific variables. As the result of this, the factors influencing reception intention were different depending on recognizing the effectiveness caused by computerization of medical information. Especially, in terms of the difference between basic characteristics of the individual and awareness of privacy protection, there were significant distinctions among 3 sectors; general, transactional, online information management. The significant effects were identified from information management related to business or online information management depending on experiencing security education.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.159-171
• /
• 2017

The purpose of this study is to investigate the effects of e - commerce technology characteristics and personal values on purchasing behavior by information security importance. The results of the empirical study that examined the university students in 2006 and 2016 are as follows. First, personal value is centered on personal values, such as self - esteem and self - esteem in 2006. In 2016, however, personal values such as self - fulfillment and personal relationship with others are important. Transactional ease and product service serve as the main value of the fun and pleasure of life, but the sense of accomplishment as the core value of information protection. Second, the technical characteristics of e-commerce are as follows. In terms of ease of transaction and product service, technology characteristics are simplified and directly effected over time. On the other hand, information protection works very closely with individual value, There was a strong tendency to enjoy benefits. Especially in 2006, if you want to enjoy transactional convenience through transaction information security or benefit from product service, it has been changed to recognize the importance of information security through payment in 2016.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.841-852
• /
• 2021

Biometric recognition refers to a technology that identifies or verifies an individual after registering each individual's physical, physiological, and behavioral characteristics with an automated device. However, the biometric data used here corresponds to personal information since it can identify an individual. Therefore, when it is compromised or misused, it negatively affects the privacy of the data subject. In this paper, we review the current status of domestic laws related to biometric information and the status of infringements related to this. And then, some biometric application models are derived and vulnerabilities and countermeasures for each model are discussed. Finally, for the developer and service provider of the biometric system, protection guidance is presented.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2754-2767
• /
• 2019

Cloud computing is widely used in information spreading and processing, which has provided a easy and quick way for users to access data and retrieve service. Generally, in order to prevent the leakage of the information, the data in cloud is transferred in the encrypted form. As one of the traditional security technologies, access control is an important part for cloud security. However, the current access control schemes are not suitable for cloud, thus, it is a vital problem to design an access control scheme which should take account of complex factors to satisfy the various requirements for cipher text protection. We present a novel access control scheme based on proxy re-encryption(PRE) technology (PreBAC) for cipher text. It will suitable for the protection of data confidently and information privacy. At first, We will give the motivations and related works, and then specify system model for our scheme. Secondly, the algorithms are given and security of our scheme is proved. Finally, the comparisons between other schemes are made to show the advantages of PreBAC.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.7
• /
• pp.1501-1509
• /
• 2011

Current identity management 1.0 model, which is service provider-centric and isolated, has several problems such as low usability, high cost structure, difficulty in privacy protection, and lack of trust infrastructure. Though various SSO-based identity management 2.0 models including Passport/Live ID, Liberty Alliance/SAML, CardSpace, and OpenID have been recently developed in order to overcome those problems, they are not widely accepted in real Internet environment so as to replace the existing identity management 1.0 model. This paper firstly analyzes the widely-known identity 2.0 models in a comparative way, and then presents a perspective on the development direction of identity management 3.0 model for future Internet.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.201-210
• /
• 2023

Deep learning-based face verificattion model show high performance and are used in many fields, but there is a possibility the user's face image may be leaked in the process of inputting the face image to the model. Althoughde-identification technology exists as a method for minimizing the exposure of face features, there is a problemin that verification performance decreases when the existing technology is applied. In this paper, after combining the face features of other person, a de-identified face image is created through StyleGAN. In addition, we propose a method of optimizingthe combining ratio of features according to the face verification model using HopSkipJumpAttack. We visualize the images generated by the proposed method to check the de-identification performance, and evaluate the ability to maintain the performance of the face verification model through experiments. That is, face verification can be performed using the de-identified image generated through the proposed method, and leakage of face personal information can be prevented.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5560-5579
• /
• 2019

Searchable symmetric encryption (SSE) scheme can perform search on encrypted data directly without revealing the plain data and keywords. At present, many constructive SSE schemes were proposed. However, they cannot really resist the malicious adversary, because it (i.e., the cloud server) may delete some important data. As a result, it is very likely that the returned search results are incorrect. In order to better guarantee the integrity of outsourcing data, and ensure the correction of returned search results at the same time, in this paper, we combine SSE with blockchain (BC), and propose a SSE-on-BC framework model. We then construct two concrete schemes based on the size of the data, which can better provide privacy protection and integrity verification for data. Lastly, we present their security and performance analyses, which show that they are secure and feasible.

• Informatization Policy
• /
• v.29 no.1
• /
• pp.60-83
• /
• 2022

The purpose of this study is to empirically analyze the effect of individual perception of artificial intelligence and the level of digital literacy on the acceptance of artificial intelligence-based public services. For empirical analysis, a research model was set up based on the technology acceptance model and planned behavior theory using survey data of 2017 and analyzed through structural equations. To summarize the results of the analysis, firstly, the positive perception of individuals about artificial intelligence technology plays a role in reinforcing attitudes toward benefits and reducing concerns about public service in which artificial intelligence technology has been introduced. Secondly, the level of digital literacy reinforces both benefits and concerns about artificial intelligence technology, but it was found that the intention to use public services was reinforced through the benefits of artificial intelligence technology perceived by individuals, rather than privacy concerns about artificial intelligence technology. Thirdly, it was confirmed that the perceived benefits of individuals on artificial intelligence technology reinforced the intention to use public civil services, and privacy concerns negatively influenced the intention to use. It was confirmed that the influence of a perceived ease of use and usefulness, as opposed to privacy concerns, further reinforces the intention to use. Both citizens' positive perceptions regarding the accuracy and reliability of information provided through artificial intelligence technology and institutional complementation of responsibility for errors caused by artificial intelligence technology are strengthened, and technical problems related to privacy protection are solved.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.9B
• /
• pp.848-856
• /
• 2006

Location Based Service (LBS) is a service provided to the subscribers based on their (or others') geographical location. Interest in LBS has increased not only in the aspect of promoting utilization, including the public usage such as emergency rescue, but also in the aspect of protecting the personal location information of the subscribers. This study aims to suggest and classify the business models for LBS services, focusing on the flow of the personal location information. Each business model is reviewed from the perspective of protecting the location privacy of the subscribers.