• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.97-106
• /
• 2014

CCTV(Closed Circuit television) is one of the widely used physical security technologies and video acquisition device installed at specific point with various purposes. Recently, as the CCTV capabilities improve, facial recognition from the information collected from CCTV video is under development. However, in case these technologies are exploited, concerns on major privacy infringement are high. Especially, a computer connected to a particular space images taken by the camera in real time over the Internet has emerged to show information services. In the privacy law, safety measures which is related with biometric template are notified. Accordingly, in this paper, for the protection of privacy video information in the video surveillance system, the technical and managerial requirements for video information security are suggested.

• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.77-102
• /
• 2015

FinTech service industry has been growing rapidly around the world. It has driven innovation in financial and payment service industry with different channels such as mobile based on Information and Communications Technology (ICT). However, FinTech service is vulnerable to different security threats due to use the valuable data such as personal information and financial information. It is undeniable that collection and use of those information may increase the possibility of identity theft or privacy breach. In this paper will develop a self-checklist for the Simple Payment service users (Privacy Pragmatists) who want to make a rational decision to protect their personal information. The checklist is going to let the users assess the personal information protection by performing the assessment themself when they use the service. The body of this paper is going to analyze the items of the checklist and through the analysis, will suggest a security policy for personal information protection of FinTech service.

• Journal of Digital Convergence
• /
• v.14 no.10
• /
• pp.295-302
• /
• 2016

Many countries, especially ICT powers, are supporting IoT-based technology at a national level and this technology is actively being researched in the businesses and research institutes in an aim to develop technology and create an ecosystem. Roads in the Seoul city are building public facilities based on IoT to provide various services and conveniences for the users. However, for the full-fledged introduction and development of IoT, there are many cases where infringement on security and privacy and threat for life and safety happen. Also, as the IoT environment includes various environment technologies such as the existing sensor network, heterogeneous communication network, and devices optimized for the IoT environment, it inherits the existing security threat and various attack techniques. This paper researches the attribute based encryption technology for safe communication in the IoT environment. The data collected from the device is transmitted utilizing the attribute based encryption and by designing the key generation protocol, grades and authorities for the device and users are identified to transmit safe messages.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.10
• /
• pp.107-115
• /
• 2013

Recently, the RFID technology is combined with a u-healthcare services is an emerging trend in the field of medical services. u-healthcare service, as covering the field of personal health information beyond the level of simple health screening and treatment of life are closely related. Considering security, invasion of privacy, as well as life may be threatened even if your personal health information to be exposed or exploited illegally u-Healthcare services certification is essential. In 2012, Jeong proposed J-L patient authentication protocol that Initialization process, and patients using RFID technology separates the certification process. Jeong, such as the claim that the proposed protocol for reuse attacks, spoofing attacks, prevent information disclosure and traceability fire safety, but raises issues of security and operations efficiency. Therefore, in this paper, Jeong, such as the security of the proposed protocol and to prove the computational efficiency issues, and to enhance the safety and efficiency of RFID technology based on practical u-Healthcare services authentication protocol is proposed.

• The KIPS Transactions:PartC
• /
• v.17C no.5
• /
• pp.399-406
• /
• 2010

Many problems are arisen due to the weakness in the security and invasion to privacy by malicious attacker or internal users while various data services are available in ubiquitous network environment. The matter of controlling security for various contents and large capacity of data has appeared as an important issue to solve this problem. The allocation methods of Ito, Saito and Nishizeki based on traditional polynomial require all shares to restore the secret information shared. On the contrary, the secret information can be restored if the shares beyond the threshold value is collected. In addition, it has the effect of distributed DBMS operation which distributes and restores the data, especially the flexibility in realization by using parameters t,v,k in combinatorial design which has regularity in DB server and share selection. This paper discuss the construction of new share allocation method and data distribution/storage management with the application of matrix structure of t-(v,k,1) design for allocating share when using secret sharing in management scheme to solve the matter of allocating share.

• Journal of Intelligence and Information Systems
• /
• v.15 no.1
• /
• pp.31-50
• /
• 2009

As the collected information which is static or dynamic is infinite in ubiquitous computing environments, information overload and invasion of privacy have been pressing issues in the recommendation service. In this study, we propose a recommendation service procedure through P2P, The P2P helps customer to obtain effective and secure product information because of communication among customers who have the similar preference about the products without connection to server. To evaluate the performance of the proposed recommendation service, we utilized real transaction and product data of the Korean mobile company which service character images. We developed a prototype recommender system and demonstrated that the proposed recommendation service makes an effect on recommending product in the ubiquitous environments. We expect that the information overload and invasion of privacy will be solved by the proposed recommendation procedure in ubiquitous environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.157-168
• /
• 2013

The social network service is the bidirectional media that all of the users are be able to directly produce, process, and distribute the information without distinction of the producer and consumer. Over increasing the users rapidly, the users are be able to obtain and share the various information, but the problems occur due to the spread of unreliable information on the service. Moreover, it is spreading the problems violating the privacy and decreasing the reliability of the users by exploiting the open environment. Therefore, sensitive information can be delivered only to users which information producer can trust, and the users should get the information from the trustworthy users. Due to this necessity, it needs the efficient method can evaluates the reliability of the users. In this paper, we define the reliability in the service, make the trust parameter by using the function of the service, and propose the dynamic user reliability evaluation scheme evaluating the reliability of users. We draw the trust range on the reliability of users by analyzing the proposed reliability evaluation scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.369-383
• /
• 2018

User authentication using PIN input or lock pattern is widely used as a user authentication method of smartphones. However, it is vulnerable to shoulder surfing attacks and because of low complexity of PIN and lock pattern, it has low security. To complement these problems, keystroke dynamics have been used as an authentication method for complex authentication and researches on this have been in progress. However, many studies have used imposter data in classifier training and validation. When keystroke dynamics authentications are actually applied in reality, it is realistic to use only legitimate user data for training, and using other people's data as imposter training data may result in problems such as leakage of authentication data and invasion of privacy. In response, in this paper, we experiment and obtain the optimal ratio of the thresholds for distance based classification. By suggesting the optimal ratio, we try to contribute to the real applications of keystroke authentications.

• The Journal of the Korea Contents Association
• /
• v.20 no.8
• /
• pp.34-41
• /
• 2020

An era of stabilizing IoT markets and rapid expansion is coming. In an IoT environment, communication environments where objects take the lead in communication can occur depending on the situation, and communication with unspecified IoT environments has increased the need for thorough management of personal sensitive information. Although there are benefits that can be gained by changing environment due to IoT, there are problems where personal sensitive information is transmitted in the name of big data without even knowing it. For the safe management of personal sensitive information transmitted through sensors in IoT environment, the government plans to propose measures to enhance information protection in IoT environment as the use of non-identifiable personal information in IoT environment is expected to be activated in earnest through the amendment of the Data 3 Act and the initial collection method.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.2B
• /
• pp.296-301
• /
• 2010

Radio frequency identification(RFID) system can identify an object using wireless transmission. RFID applications are numerous and far reaching. The most interesting and widely used applications are supply chain management for companies. Currently, RFID tags must be detached or killed for security and privacy reasons when tagged objects are purchased. In this paper, we present a new architecture that transfers information about products from the electronic product code information services (EPCIS) server of a company to an individual's personal purchases management (PPM) server when products with RFID codes are sold. It solves the security and privacy issues without detaching the tag. Moreover, the PPM server described in this paper allows customers to handle the expiration dates, updates, location management, and group management of products.