• The Journal of Information Systems
• /
• v.19 no.2
• /
• pp.1-21
• /
• 2010

웹 2.0 기술의 급속한 발전은 인터넷을 통한 커뮤니티 형성을 효과적으로 가능하게 함으로서 소셜네트워킹 사이트(SNS)의 급속한 성장을 가져왔다. 본 연구는 소셜네트워킹 사이트의 고객충성도를 높이는 요인이 무엇인가를 실증적으로 밝히는데 있다. 연구모형은 세 개의 독립요인(시스템 능력, 정보 적절성, 콘텐츠 가치)과 두 개의 매개요인(사이트 매력도, e-고객만족)으로 구성되어 있다. 중국인들을 대상으로 한 실증연구 결과 정보 적절성과 콘텐츠 가치가 사이트 매력도에 직접 영향을 미치며, 이는 다시 고객만족을 통하여 고객의 충성도에 간접적으로 영향을 미치는 것으로 나타났다. 또한 사이트 매력도는 고객만족과 고객충성도에 강력한 영향을 미치는 것으로 나타났다. 구조모형에 대한 경로분석결과 사이트 매력도는 고객만족도를 높이는 중요한 매개변수임을 밝히고 있다. 본 연구에서는 소셜네트워크 사이트에서 이 매개변수들을 어떻게 하면 효과적으로 높일 것인가에 대한 다양한 시사점들을 제시하고 있다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.232-234
• /
• 2005

유비쿼터스 환경의 도래와 함께, 사용자는 자신이 가입한 서비스별로 또는 사용자와 연관된 객체별로 서로 다른 ID(가명)를 사용할 수 있다. 기존의 ID 기반 암호 스킴은 하나의 ID에 하나의 독립된 복호키가 부여되기 때문에, ID의 개수가 증가하면 상대적으로 복호키의 개수도 증가한다 그러나 ID 별로 별도의 복호키를 생성 관리하는 것은 비밀키의 유지 관리에 따른 효율서의 저하를 가져오므로, 서로 다른 ID를 사용하되, 하나의 복호키를 사용하여 ID를 이용한 정보의 기밀성을 제공할 수 있는 방법이 요구된다. 본 논문에서는 사용자가 복수의 ID를 생성하여 사용하되, 각각의 서로 다른 ID로 암호화된 암호문을 단 하나의 복호키를 이용하여 복호할 수 있는 새로운 pairing 기반 암호 스킴을 제안한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.994-996
• /
• 2012

개인건강기록에서 프라이버시를 보호하기 위한 방안으로 환자의 식별정보를 제거하는 익명화와 식별 정보를 가상의 식별자로 변경하였다가 권한을 가진 사용자가 열람할 수 있게 복원하는 가명화, 그리고 건강기록을 암호화하여 정보를 보호하는 방법들이 연구되어 왔다. 본 논문에서는 용어표현을 위해 국제표준코드를 사용하는 건강기록에서 항목별 정보의 민감도에 따라서 암호화 수준을 달리하여 정보전체를 암호화하는 것 보다 효율적이고 강력한 보안수준을 유지할 수 있는 방법을 제시한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.417-419
• /
• 2020

데이터 3법 시대에 접어들면서 기업들에는 가명화된 개인정보를 활용할 수 있는 길이 열렸다. 하지만 현 데이터 3법은 데이터를 생성하고 유통하며 활용할 기업들의 책임과 혜택에 내용이 맞춰져 있어 아쉬운 감이 있다. 개인의 기본권을 보장하면서도 마이데이터 유통 및 활용을 도울 방법은 없을까? 본 논문에서는 데이터의 주체인 개인이 데이터 주권을 행사하고 실질적인 혜택을 받는 마이데이터 서비스의 활성화를 위한 ID 관리 기술로 블록체인 기반 분산 ID(Decentralized Identification, DID)를 제안하고, DID 수용의도에 영향을 마치는 요인을 연구함으로써 마이데이터 서비스 개발 활성화를 위한 정책적, 실무적 시사점을 도출하고자 한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.47-49
• /
• 2021

According to the revision of the Data 3 Act in 2020, personal information of medical data can be processed anonymously for statistical purposes, research, and public interest record keeping. However, unidentified data can be re-identified using genetic information, credit information, etc., and personal health information can be abused as sensitive information. In this paper, we derive the need for homomorphic encryption to protect the privacy of personal information separated by sensitive information.

• The Korean Society of Law and Medicine
• /
• v.23 no.4
• /
• pp.29-74
• /
• 2022

As social disasters occur under the Disaster Management Act, which can damage the people's "life, body, and property" due to the rapid spread and spread of unexpected COVID-19 infectious diseases in 2020, information collected through inspection and reporting of infectious disease pathogens (Article 11), epidemiological investigation (Article 18), epidemiological investigation for vaccination (Article 29), artificial technology, and prevention policy Decision), (3) It was used as an important basis for decision-making in the context of an infectious disease crisis, such as promoting vaccination and understanding the current status of damage. In addition, medical policy decisions using infectious disease data contribute to quarantine policy decisions, information provision, drug development, and research technology development, and interest in the legal scope and limitations of using infectious disease data has increased worldwide. The use of infectious disease data can be classified for the purpose of spreading and blocking infectious diseases, prevention, management, and treatment of infectious diseases, and the use of information will be more widely made in the context of an infectious disease crisis. In particular, as the serious stage of the Disaster Management Act continues, the processing of personal identification information and sensitive information becomes an important issue. Information on "medical records, vaccination drugs, vaccination, underlying diseases, health rankings, long-term care recognition grades, pregnancy, etc." needs to be interpreted. In the case of "prevention, management, and treatment of infectious diseases", it is difficult to clearly define the concept of medical practicesThe types of actions are judged based on "legislative purposes, academic principles, expertise, and social norms," but the balance of legal interests should be based on the need for data use in quarantine policies and urgent judgment in public health crises. Specifically, the speed and degree of transmission of infectious diseases in a crisis, whether the purpose can be achieved without processing sensitive information, whether it unfairly violates the interests of third parties or information subjects, and the effectiveness of introducing quarantine policies through processing sensitive information can be used as major evaluation factors. On the other hand, the collection, provision, and use of infectious disease data for research purposes will be used through pseudonym processing under the Personal Information Protection Act, consent under the Bioethics Act and deliberation by the Institutional Bioethics Committee, and data provision deliberation committee. Therefore, the use of research purposes is recognized as long as procedural validity is secured as it is reviewed by the pseudonym processing and data review committee, the consent of the information subject, and the institutional bioethics review committee. However, the burden on research managers should be reduced by clarifying the pseudonymization or anonymization procedures, the introduction or consent procedures of the comprehensive consent system and the opt-out system should be clearly prepared, and the procedure for re-identifying or securing security that may arise from technological development should be clearly defined.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1147-1157
• /
• 2014

Intelligent transportation system (ITS) is realized through a highly ephemeral network, i.e. vehicular ad hoc network (VANET) which is on its way towards the deployment stage, thanks to the advancements in the automobile and communication technologies. However, it has not been successful, at least to date, to install the technology in the mass of vehicles due to security and privacy challenges. Besides, the users of such technology do not want to put their privacy at stake as a result of communication with peer vehicles or with the infrastructure. Therefore serious privacy measures should be taken before bringing this technology to the roads. To date, privacy issues in ephemeral networks in general and in VANET in particular, have been dealt with through various approaches. So far, multiple pseudonymous approach is the most prominent approach. However, recently it has been found out that even multiple pseudonyms cannot protect the privacy of the user and profilation is still possible even if different pseudonym is used with every message. Therefore, another privacy-aware mechanism is essential in vehicular networks. In this paper, we propose a novel identity exchange mechanism to preserve conditional privacy of the users in VANET. Users exchange their pseudonyms with neighbors and then use neighbors' pseudonyms in their own messages. To this end, our proposed scheme conditionally preserves the privacy where the senders of the message can be revoked by the authorities in case of any dispute.

• Informatization Policy
• /
• v.28 no.3
• /
• pp.49-72
• /
• 2021

This study analyzes the major content, significances, and future outlook of Three Data Acts amendment enacted in August 2020 in South Korea, with the focus on their impact on the financial and data industries. It seems that the revision of the Credit Information Act will enable the specification of a business which had previously only been regulated as the business of credit inquiry, and also enable the domestic data industry to activate the MyData industry, data trading and platforms, and specify data pseudonymization and trading procedures. For the rational and efficient implementation of the amendments to the Three Data Acts, the Personal Information Protection Committee must be as transparent and lawful in its activities as possible, and fairness must be guaranteed. Even in the utilization of personal information, the development or complementation of the related data processing technologies is essential, and clear data processing methods and areas must be regulated. Furthermore, the amendments must be supported with guarantees and the systematization of a fair competitive system in the data market, stricter regulations on penalties for illegal acts related to data, establishment and strengthening of the related security systems, and reinforcement of the system of cooperation for data transfer.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.6 no.7
• /
• pp.9-16
• /
• 2016

As life in a rapidly changing Internet age at home and abroad, large amounts of information are being used medical, financial, services, etc. Accordingly, especially hospitals, is an invasion of privacy caused by leakage and intrusion of personal information in the system in medical institutions, including clinics institutions. To protect the privacy & information protection of personal health medical information in medical institutions at home and abroad presented by national policies and de-identification processing technology standards in accordance with the legislation. By comparative analysis in existing domestic and foreign institutional privacy and de-identification technique, derive a advanced one of pseudonymization and anonymization techniques for destination data items that fell short in comparison to the domestic laws and regulations, etc. De-identification processing technology for personal health information is compared to a foreign country pharmaceutical situations. We propose a new de-identification techniques by reducing the risk of re-identification processing to enable the secondary use of domestic medical privacy.

• Informatization Policy
• /
• v.30 no.2
• /
• pp.46-67
• /
• 2023

There are criticisms that, despite the proactive government policy on open government data (hereinafter "open data"), certain highly demanded data remains restricted due to legal constraints. In this study, we aim to analyze the factors that limit the opening and utilization of open data, focusing on cases wherein requests for open data provision have been denied. We will explore possible approaches that are in harmony with the Open Data Law while examining the constitutional value of open data, considering the foundational Open Data Charter that underpins the government's data policy. We will also examine cases wherein requests for data provision have been denied for institutional reasons, with nearly half of these cases involving open data that includes personal information. It is necessary to explore the potential for improvement in these cases. Furthermore, considering the recent amendment to the Personal Information Protection Act, which allows for the processing of pseudonymous information without the consent of the data subject for limited purposes, it is an opportune time to consider the need for amending the Open Data Law to facilitate broader access and utilization of open data for the nation. Lastly, we will propose institutional improvement directions aligned with the opening and utilization of open data by examining the constraints of and need for improvement in the selected target laws.