• Annual Conference of KIPS
• /
• 2019.05a
• /
• pp.160-163
• /
• 2019

본 연구는 미국 상무부 소속 국립표준기술연구소(NIST)에 의해 제시된 온라인상에서 디지털 신원 지침(digital identity guidelines)에 대한 내용을 살펴보고, 디지털 신원 서비스를 구현하기 위한 기술적인 요구사항들에 대해 검토 후 국내 본인확인서비스에 적용이 가능한 방안을 제시한다. 온라인상에서 사용자의 신원을 확인하기 위해 다양한 방안이 제시되고 있으며 현행 국내 본인확인서비스의 경우 과도한 개인정보 제공으로 사생활 침해 이슈가 제시되고 있다. 따라서 NIST의 디지털 신원지침에서 제시하는 차등화된 서비스 제공 방안에 대해 검토하고 국내 본인확인서비스에 적용 가능한 방안을 모색한다. 제시한 방안에서 획일화된 본인확인서비스에서 본인확인수단, 인증, 정보제공에 대한 차별적인 방안을 제시함으로써 보다 안전하고 건전한 본인확인서비스의 실현이 가능함을 알 수 있다.

• Annual Conference of KIPS
• /
• 2000.04a
• /
• pp.491-496
• /
• 2000

웹상의 자바 애플릿은 클라이언트의 웹 브라우저에 다운로드 되어서 브라우저 내부에 있는 자바가상기계(JVM : Java Virtual Machine)내에서 실행된다. 각 자바가상기계에는 실행 전에 바이트 코드 검증기와 바이트 코드 인터프리터를 통하여 오류문법을 점검한다. 애플릿을 이용한 잠재적인 공격형태는 시스템 수정, 개인정보의 침해, 서비스 거부공격, 강한 거부감을 느끼게 하는 공격이 있다. 이러한 유해한 애플릿의 공격에 대응하기 위한 방법으로 코드분석, 행위분석, 위치정보등을 이용한 보안기법이 제시되었지만 효율적인 대응을 하지 못하고 있다. 이 논문에서는 자바의 특성을 이용하여 자바클래스 내부의 바이트 코드 수정을 통한 애플릿 보안기술에 대해 기술한다. 유해한 행동이 예상되는 애플릿의 클래스에 대하여 바이트 코드 수정을 통하여 안전한 클래스로 대체함으로서 유해 애플릿 공격으로부터 시스템을 보호한다. 이를 수행하기 위해 프록시 서버를 두어서 웹브라우저의 요구를 수용하고, 이를 웹 서버에게 Safe클래스로 수정하여 요구하며, 그에 대한 응답도 처리한 후 애플릿에게 보여준다. 이는 런타임때 수행되며 웹브라우저, 서버, 클라이언트의 수정없이 프록시 서버의 개입으로 이루어진다.

• Journal of Legislation Research
• /
• no.54
• /
• pp.155-192
• /
• 2018

As the 'hyper-connected society' has emerged through the 'Fourth Industrial Revolution, public interests as well as social dangers have increased. Above all, the risk of infringement of information, including confidential personal information, is dramatically increasing. As the hyper-connected society has been realized, even if only one of the internet devices is hacked, there would be a danger that the ripple effect of such a hacking spreads to the whole network. Therefore, the necessity and importance of information security, including cybersecurity, has been increasing. In other words, the stability of cyberspace and internet space is becoming more important. As a result, the Korean government is seeking to build a legal system related to information security, which would be able to cope with the information infringement problem in the hyper-connected society. However, it seems that the government is still struggling with the direction of building such a legal system. In this context, a comparative review examining the legal systems of advanced foreign countries will provide meaningful implications as to what kinds of legal policies we should devise and implement for information security. In particular, the U.S. legislative act that actively responds to the cybersecurity violations is worthy of reference. For this reason, this article systematically analyzes the current status of the U.S. cybersecurity laws. Especially, this article focuses on the "Cybersecurity Information Sharing Act of 2015"(hereinafter "CISA"), that was recently enacted by the U.S. congress. The CISA prescribes the systemic and detailed information-sharing between national and private entities. The CISA, that actively promotes information-sharing, is full of suggestions for us, in that information-sharing is an effective way to properly realize information security in today's hyper-connected society.

• Convergence Security Journal
• /
• v.14 no.7
• /
• pp.3-8
• /
• 2014

Recently, A utilization request of the U-Healthcare services are increasing rapidly. This is because the increase in smartphone users and ubiquitous computing technology was developed. Furthermore, the demand for access to and use of medical information systems is growing rapidly with a smartphone. This system have the advantage such as they can access from anywhere and anytime in the healthcare information system using their smartphone quickly and easily. But this system have various problems that are a privacy issue, the location disclosure issue, and the potential infringement of personal information. this problems are arise very explosive. Therefore, we propose a secure information security system that can solve the security problems in healthcare information systems for healthcare workers using smartphone. Our proposed system, doctors record, store, modify and manage patient medical information and this system would be safer than the existing healthcare information systems. The proposed system allows the doctor to perform further authentication by transmitting using SMS to GOTP message when they accessing medical information systems. So our proposed system can support to more secure system that can protect user individual information stealing and modify attack by two-factor authentication scheme. And this system can support confidentiality, integrity, location information blocking, personal information steal prevent using cryptography algorithm that is easy and fast.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1493-1504
• /
• 2016

As cyber threats have been increased over the Internet, the invasions of personal information are constantly occurring. A malicious user can access the Web site as a normal user using leaked personal information and does illegal activities. This paper proposes an effective method which authenticates a genuine user with real-time. The method use the user's profile which is a record of user's behavior created by Membership Analysis(MA) and Markov Chain Model(MCM). In addition to, user's profile is augmented by a Time Weight(TW) which reflects the user's tendency. This method can detect a malicious user who camouflage normal user. Even if it is a genuine user, it can be determined as an abnomal user if the user acts beyond the record profile. The result of experiment showed a high accuracy, 96%, for the correct user.

• Korean journal of communication and information
• /
• v.76
• /
• pp.151-182
• /
• 2016

The right to be forgotten (RTBF) has been a population notion to address privacy issues associated with the digitalization of information and the dissemination of such information over the global digital network. In May 2014, the European Court of Justice (ECJ) laid down a landmark RTBF decision to grant individuals the right to be de-listed from search results. ECJ's RTBF decision sparked an increased interest in RTBF in South Korea. Academic and non-academic commentators have provided a mistaken or outstretched interpretation of RTBF in claiming that removal of news articles should be read into RTBF in Korean law. Moreover, the Press Arbitration Commission of Korea (PAC) has proposed revising the Press Arbitration Act (PAA) to allow the alleged victims of news reporting to request the deletion of news stories. This article examines the notion of RTBF from its origin to the latest development abroad and also critically explores Korean laws regulation freedom of expression to evaluate if Korea needs the proposed PAA revision.

• The Journal of the Korea Contents Association
• /
• v.12 no.12
• /
• pp.489-498
• /
• 2012

This paper consists of two parts: In the first part, we describe our work to build hierarchical knowledge base of digital library patron's research interests and learning topics in various scholarly areas through analyzing well classified Electronic Theses and Dissertations (ETDs) of NDLTD Union catalog. Journal articles from ACM Transactions and conference web sites of computing areas also are added in the analysis to specialize computing fields. This hierarchical knowledge base would be a useful tool for many social computing and information service applications, such as personalization, recommender system, text mining, technology opportunity mining, information visualization, and so on. In the second part, we compare four grouping algorithms to select best one for our data mining researches by testing each one with the hierarchical knowledge base we described in the first part. From these two studies, we intent to show traditional verification methods for social community miming researches, based on interviewing and answering questionnaires, which are expensive, slow, and privacy threatening, can be replaced with systematic, consistent, fast, and privacy protecting methods by using our suggested hierarchical knowledge base.

• The Korean Society of Law and Medicine
• /
• v.22 no.4
• /
• pp.3-35
• /
• 2021

Inmitten der Flut der privaten und öffentlichen Information gilt die riesige Informationsmenge als Schlüsselressource im Zeitalter der 4. industriellen Revolution, repräsentiert durch Big-Data. Das Interesse an diesen wächst weltweit. Es gibt eine aktive Diskussion darüber, wie man Daten sichert und akkumuliert und wie man die gesammelten Daten sicher und effektiv nutzt. Gesundheitsdaten werden vor allem als die wertvollste Ressource bewertet, für die Big-DataTechnologie eingesetzt wird. Um Gesundheitsdaten sinnvoll zu nutzen, müssen verteilte Gesundheitsdaten integriert und den Benutzern in einer Form zur Verfügung gestellt werden, die für Forschung oder Inspektion verwendet werden kann. In einer Situation, in der große Länder um den Aufbau bzw. die Führung der Datenwirtschaft konkurrieren, wurden im August 2020 auch in Südkorea die sog. „3-Daten-Gesetze" geändert, die das Datenschutzgesetz(DSG) enthälten. Das DSG führte das Konzept der pseudonymen Informationen ein und baute eine Rechtsgrundlage für deren Verwendung auf. Als Folgemaßnahme kündigte die, Kommission für den Schutz personenbezogener Daten(Personal Information Protection Commission: PIPC)' die „Richtlinien für die Bahandlung mit pseudonymen Informationen" und, Ministerium für Gesundheit und Wohlfahrt' die „Richtlinien für die Verwendung von Gesundheitsdaten" an. Gesundheitsdaten stehen direkt in Zusammenhang mit Leben und Körper des Menschen und damit enthalten viele sensible Daten. Es handelt sich also um ein System, das aus einer vorsichtigeren und konservativeren Sicht unter der Voraussetzung verwendet werden kann, personenbezogene Daten sicherer zu schützen. Um die Hauptinhalte der „Richtlinien für Verwendung von Gesundheitsdaten" zu analysieren, überprüften wir zunächst die Hauptinhalte des überarbeiteten DSG. Danach durch die Analyse der wesentlichen Inhalte der „Richtlinien für Verwendung von Gesundheitsdaten" wurden Probleme wie Konflikte mit anderen Gesetzen und Verbesserungsmaßnahmen überprüft.

• Journal of Digital Convergence
• /
• v.16 no.1
• /
• pp.217-229
• /
• 2018

Electronic Health Record (EHR) systems are widely adopted worldwide in hospitals for generating and exchanging records of patient information. Recent developments are moving towards implementing interoperable EHR systems that enable information to be shared seamlessly across healthcare organizations. In this context, this paper explores the factors that cause medical information privacy concerns, identifies how people react to privacy invasion and what their perceptions are towards the acceptance of the EHR system. Interviews were conducted to draw a grounded theory on medical information privacy concerns in the use of EHRs. Medical information privacy concerns are caused by perceived sensitivity of medical information and the weaknesses in security technologies. Trust in medical professionals, medical institutions and technologies plays an important role in determining people's reaction to privacy invasion and their perceptions on the use of EHRs.

• Journal of Digital Convergence
• /
• v.17 no.11
• /
• pp.195-200
• /
• 2019

The role of the Internet of Things in the Fourth Industrial Revolution is in the era of collecting data at the end and analyzing big data through technology to analyze the future or behavior. Therefore, due to the nature of the IoT, it is vulnerable to security and requires a lightweight security protocol. The spread of things Internet technology is changing our lives a lot. IT companies all over the world are already focusing on products and services based on things Internet, and they are going to the era of all things internet that can communicate not only with electronic devices but also with common objects. People, people, people and objects, things and things interact without limitation of time and space, collecting, analyzing and applying information. Life becomes more and more smart, but on the other hand, the possibility of leakage of personal information becomes greater. Therefore, this study proposed security threats that threaten the protection of personal information and countermeasures, and suggested countermeasures for building a secure IoT environment suitable for the Fourth Industrial Revolution.