• Review of KIISC
• /
• v.15 no.6
• /
• pp.46-52
• /
• 2005

신원확인을 위하여 생체정보를 수집하거나, 이용하는 데 있어서 준수하여야 할 생체정보 보호대책에 관한 중요사항을 정함으로써 생체정보의 안전한 이용 환경을 조성하고, 개인의 권리와 이익을 보호하는 것을 목적으로 한다. 본고에서는 유무선 통신환경에서 생체정보가 수집${\cdot}$저장${\cdot}$전송${\cdot}$폐기 전 과정에서 발생 가능한 취약점과 위협을 정의하고, 이에 대한 기술적${\cdot}$관리적 보호대책에 대한 가이드라인을 제시하고자 한다. 한편, ITU-T, ISO 등 국제 표준 및 국내 TTA 단체 규격 등과 호환 가능하도록 보안대책을 제시함으로서 국가 간의 생체정보에 대한 보호조치 방안에 관하여 상호 연동성을 보장한다. 본고는 유비쿼터스 환경에서 생체인식 국가인프라가 구축되는 시점에서 발생할 수 있는 생체정보에 대한 불신감과 인권침해 등의 사회적인 논란을 최소화하고 개인의 생체정보 보호기술의 발전과 관련 응용서비스 활성화에 기여할 것이다. 또한 전자여권${\cdot}$ 선원신분증${\cdot}$ 국제운전면허증${\cdot}$ 전자주민증 등 공항${\cdot}$항만${\cdot}$육로의 출입국관리에 생체정보의 활용이 전 세계적으로 보급 확산되는 시점에서 생체정보 활용 및 생체인식시스템에 대한 신뢰성을 제공함으로서 국내 생체인식산업의 활성화에 기여할 수 있다고 기대한다.

• The Journal of Society for e-Business Studies
• /
• v.17 no.1
• /
• pp.137-150
• /
• 2012

For social demand and technological development, systematic private information management and security guidance have been enhanced; however, the issue of leakage and invasion of private information is shown in many ways. In the management of such private information, the issue of how to protect such information is one of the sensitive key elements. As a criterion to decide the management policy of each property information consisting of private information, this article suggests Dynamic-Security-Level-Measurement for property information. DSLM adopts the variable characteristics of property information as the element of measurement. By applying this method, it is possible to provide information management functions to cope with the changes of each property information security level of an individual actively. It is expected that this will improve the security of previous information management methods even more and also contribute to the improvement of security in integrated systems such as the integrated ID management system and electronic wallet.

• Review of KIISC
• /
• v.20 no.3
• /
• pp.90-96
• /
• 2010

최근 의료기술 발전에 따라 질병의 예방 및 관리에 대한 소비자의 요구사항이 증가하고 있다. 이러한 요구사항에 부응하기 위해 IT와 의료분야의 융합으로 u-헬스케어 서비스가 실현되고 있다. 언제 어디서나 의료서비스를 제공받을 수 있는 u-헬스케어 서비스의 활성화는 의료데이터의 공유 및 활용이 전제조건이 될 것이다. 그러나 의료데이터의 공유 및 활용으로 인해 의료정보에 포함된 개인정보, 병력정보 등의 프라이버시가 침해될 우려가 있다. 본 논문에서는 의료데이터의 공유 및 활용상에서 발생하는 보안 요구사항을 검토한다.

• Digital Contents
• /
• no.1 s.116
• /
• pp.84-99
• /
• 2003

본고를 통해 일반적으로 소비자, 이용자·네티즌 등의 법적의미와 온라인 사업자로 지칭되는 인터넷 기타 정보통신관련 사업자들의 법률 적용 범위를 명확히 함으로써 사업자, 전기통신사업자, 정보통신서비스제공자, 전자거래 사업자, 전자상거래 사업자, 통신판매업자의 관계를 관련 특별법을 통해 비교,분석해 그 정의와 법적 범위를 분명히 하는데 일조하고자 한다. 또한 이러한 관계에서 정보주체의 개인정보 도용사례를 기술적 과정과 동향을 통해 구체적으로 살펴보기로 한다.

• Review of KIISC
• /
• v.33 no.5
• /
• pp.39-46
• /
• 2023

4차 산업혁명과 더불어 빅데이터의 활용이 보편화되었고, 최근 생성형 AI를 기점으로 인류의 정보 활용은 매년 그 최대치를 갱신하고 있다. 이 과정에서 의도치 않은 개인정보 노출 및 프라이버시 침해 사례들이 발생하고 있다. 동형암호는 정보 활용과 보호가 동시에 필요한 이 시점에서 주목할만한 기술이다. 최근에는 국내·외 다양한 분야에서 동형암호 기술의 적용사례가 등장하고 있으며, 이는 동형암호 기술이 상용화 단계에 이르렀음을 보여 준다. 본 고에서는 동형암호 활용사례를 중심으로 동형암호 기술 동향을 살펴보고자 한다.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.3-8
• /
• 2024

Recently, in order to build a cyber threats have increased in number and complexity. These threats increase the risk of using personally owned devices for work. This research addresses how to utilize an AI-enabled breach analysis tool. To this end, we developed and proposed the feasibility of using an AI-based breach analysis tool that reduces the workload of analysts and improves analysis efficiency through automated analysis processes. This allows analysts to focus on more important tasks. The purpose of this research is to propose the development and utilization of an AI-based breach analysis tool. We propose a new research direction in the field of breach analysis and suggest that automated tools should be improved in performance, coverage, and ease of use to enable organizations to respond to cyberattacks more effectively. As a research method, we developed a breach analysis tool using A.I. technology and studied various use cases. We also evaluated the performance, coverage, and ease of use of automated tools, and conducted research on predicting and preventing breaches and automatically responding to them. As a result, this research will serve as a foundation for the development and utilization of AI-based breach analysis tools, which can be used to respond to cyberattacks more effectively through experiments.

• Journal of Digital Convergence
• /
• v.14 no.2
• /
• pp.191-196
• /
• 2016

The organizations and companies establish personal information protection policy under the law and guidelines. They carry out access control without consideration for distinctiveness of the information although the damage degree varies when the information is leaked. Considering the distinctiveness, a policy needs to be made for individuals to protect his personal information. However, he is not able to write the policy because of lack of understanding the system. To write his own policy efficiently, the system that authorizes ones according to service list provided by organizations is necessary. This paper suggests the model and method that write personal policy for his information protection based on the service list provided by organizations. Through this model, fine-grained authorization and policy change are easily made and ultimately the access control customized according to one's own information is possible.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.49-56
• /
• 2021

Recently, artificial intelligence is regarded as an essential technology in our society. In particular, the invasion of privacy in artificial intelligence has become a serious problem in modern society. Split learning, proposed at MIT in 2019 for privacy protection, is a type of federated learning technique that does not share any raw data. In this study, we studied a safe and accurate segmentation learning model using known differential privacy to safely manage data. In addition, we trained SVHN and GTSRB on a split learning model to which 15 different types of differential privacy are applied, and checked whether the learning is stable. By conducting a learning data extraction attack, a differential privacy budget that prevents attacks is quantitatively derived through MSE.

• 한국HCI학회:학술대회논문집
• /
• 2008.02a
• /
• pp.269-273
• /
• 2008

In ubiquitous environments, clients move between domains freely and its activities in the other domains are growth. Like this environment, the service provider makes access or activity records what they are provided to clients. This record can make a privacy problem to recognize a person or trace some works. So this record must be kept and managed by user instead of the service provider. In this paper, we propose a system that can gather those records from the service provider to home domain server which client's managing by themselves. In addition, if remote domain manager requests that record by the legal process, system can transfer only a range of information which allowed by client to keep personal privacy.

• Information Systems Review
• /
• v.20 no.3
• /
• pp.33-49
• /
• 2018

Since there are growing concerns regarding personal information, users have perceived the importance of it. It makes users try to manage and control personal information by their own intentions. Therefore, we assume users now have begun to perceive psychological ownership on personal information. A main objective of this study is to identitythe relationship between accountability, self-identity, self-efficacy and sense of belongingness and psychological ownership on personal information. We conduct an online-basedsurvey and establish a structural equation model for testing hypothesis. The results show that users' accountability, self-identity and sense of belongingness positively influence to psychological ownership on personal information. Additionally, users' perceived psychological ownership on personal information increase their concern for information privacy. This study suggests a new concept as 'perceived psychological ownership on personal information' to explain for intentions of their psychological possessions toward personal information. The findings of this study can provide a way for how firms have to require clients' personal information with increasing their satisfactions.