• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.665-679
• /
• 2018

With the development of information and communication technology, especially wireless Internet technology and the spread of smart phones, digital data has increased. As a result, privacy issues which concerns about exposure of personal sensitive information are increasing. In this paper, we analyze the privacy vulnerability of online big data in domestic internet environment, especially focusing on portal service, and propose a measure to evaluate the possibility of privacy violation. For this purpose, we collected about 50 million user posts from the potal service contents and extracted the personal information. we find that potal service user can be identified by the extracted personal information even though the user id is partially anonymized. In addition, we proposed a risk measurement evaluation method that reflects the possibility of personal information linkage between service using partial anonymized ID and personal information exposure level.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.45 no.3
• /
• pp.22-30
• /
• 2008

Recently, protection of personal information is getting more important. Many countries have legislated about the protection of personal information. Now, the protection of relevant personal information is required not for a simple image of enterprises but law obligation. Most databases in enterprises used to store customers' names, addresses and credit card numbers with no exceptions. The personal information about a person is sensitive, and this asset is strategic. Therefore, most enterprises make an effort to preserve personal information safely. If someone, however, hacks password information of DBMS manager, no one can trust this system. Therefore, encryption is required based in order to protect data in the database. Because of database encryption, however, it is the problem of database performance in terms of computation time and the limited SQL query. Thus, we proposed an efficient query method to solve the problem of encrypted data in this paper.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.125-137
• /
• 2023

Companies that handle sensitive information, led by public institutions, establish separate networks for work and the Internet and protect important data through strong access control measures to prevent cyber attacks. Therefore, systems that involve the junction where the Intranet(internal LAN for work purposes only) and the Internet network are connected require the establishment of a safe security environment through both administrative and technical measures. Mobile Device Management(MDM) solutions to control mobile devices used by institutions are one such example. As this system operates by handling sensitive information such as mobile device information and user information on the Internet network, stringent security measures are required during operation. In this study, a model was proposed to manage sensitive information data processing in systems that must operate on the Internet network by managing it on the internal work network, and the function design and implementation were centered on an MDM solution based on a network interconnection solution.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.123-132
• /
• 2019

Rapid developments of IT technology has been creating new security threats. There have been more attacks to get patients' sensitive personal information, targeting medical institutions that are relatively insufficient to prevent and defend against such attacks. Although the government has required senior general hospitals to get the ISMS certification since 2016, such a requirement has been burdensome for small and medium-sized medical institutions. Therefore, this study was designed to draw measures to identify and improve the privacy status of the medical institution by dividing it into management, physical and cyber areas for small and medium-sized medical institutions. The results of this study showed that the government should provide financial support and managerial supervision for the improvement of personal information protection of small and medium-sized medical institutions. They also suggested that the government should also provide medical security specialists, continuous medical security education, disaster planning, reduction of medical information management regulations not suitable for small and medium sized institutions.

• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.279-284
• /
• 2014

Recently, m-health care is be a problem that the patient's information is easily exposed to third parties in case of emergency situation. This paper propose an attribute-based access control protocol to minimize the exposure to patient privacy using patient information in the emergency environment. Proposed protocol, the patient's sensitive information to a third party do not expose sensitive information to the patient's personal health information, including hospital staff and patients on a random number to generate cryptographic keys to sign hash. In addition, patient information from a third party that is in order to prevent the illegal exploitation of the patient and the hospital staff to maintain synchronization between to prevent the leakage of personal health information.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.2
• /
• pp.492-497
• /
• 2019

This study analysed the legal concept of personal information(PI), which was not differentiated from behavioral information, and established it clearly for invigorating online targeted advertising(OTA), which draw attention in big data era; by selecting Guidelines of Assessment of Data Breach Incident Factors and Guidelines of Measures for No-Identifying Personal Information based on Personal Information Protection Act(PIPA) and Enforcement Decree of the PIPA. As a result, PI was defined as any kind of information relating to (1)a living individual(not group, corporate body or things etc.); (2)makes possibly identify the individual by his or her identifiers such as name, resident registration number, image, etc. (not included if not identify the individual); and (3)including information like attribute values which makes possibly identify any specific individual, if not by itself, but combined with other information which can be actually collected and combined). Specifically, PI includes basic, proper distinguishable, sensitive and other PI. It is suggested that PI concept should be researched continually with digital technology development; the effectiveness of the Guidelines of PI Protection in OTA, the legal principles of PI protection from not only users' but business operators' perspectives and the differentiation between PI and behavioral information in OTA should be researched.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.4
• /
• pp.109-115
• /
• 2016

Life log started with the simple purpose of recording or sharing mainly data regarding one's personal life, but with the introduction of advanced specialized analytic methods by many corporations, a new type of business based on the life log recently emerged, with an aim of improving the quality of people's personal lives. In spite of the indispensable advantages, however, personal health lifelog service brings critical challenges that cannot be avoided from user side if the security of the data is concerned. The problem of user's privacy infringement and leaking user's sensitive medical information is increasing with the revitalization of personal health lifelog services. In this paper, we propose an information security reference model for the personal health lifelog services. Our proposal can contribute to increase the related industry to cultivate new market by suggesting the clear announcement of the guidelines using privacy protection reference model for user-specific healthcare services which uses personal lifelog.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.999-1012
• /
• 2020

As the utilize of personal health records increases in recent years, research on cryptographic protocol for protecting personal information of personal health records has been actively conducted. Currently, personal health records are commonly encrypted and outsourced to the cloud. However, this method is limited in verifying the integrity of personal health records, and there is a problem with poor data availability because it is essential to use it in decryption. To solve this problem, this paper proposes a verifiable cloud-based personal health record management scheme using Redactable signature scheme and zero-knowledge proof. Verifiable cloud-based personal health record management scheme can be used to verify the integrity of the original document while preserving privacy by deleting sensitive information by using Redactable signature scheme, and to verify that the redacted document has not been deleted or modified except for the deleted part of the original document by using the zero-knowledge proof. In addition, it is designed to increase the availability of data than the existing management schemes by designing to recover deleted parts only when necessary through the Redact Recovery Authority. And we propose a verifiable cloud-based personal health record management model using the proposed scheme, and analysed its efficiency by implementing the proposed scheme.

• Management & Information Systems Review
• /
• v.6
• /
• pp.227-266
• /
• 2001

These days the use of personal computer has become generalized at factory, office, house, etc and this fact indicates that visual display terminal work became popular in every field of our society. The use of computer improves work efficiency, productivity & qualify but in addition, it also generated the physical and mental diseases or defects so called VDT syndrome to workers. The purpose of this paper is to analyse the computer-work-related anti-physical, anti-psychogenic symptoms & side effects through the data drawn from workers who use computers on their works, and to find out methods of improvement & humanization of computer works. The follows are the results of questions about personal sensibility of VDT syndrome. 1. Female workers are more sensitive to the side effects of computer labor than males. 2. Workers aged twenties feel more severe symptoms of VDT syndrome than thirties or fourties, but there are no level of significance. 3. Middle managements workers are the most sensitive group to VDT syndrome, on the other hand tow managements are less sensitive than operators. 4. The result of questions indicates that a phone conductress show more severe VDT syndrome symptoms than business affairs or an engineer workers, with level of significance. 5. The longer computer work engagement period, the more evident VDT syndrome symptoms appear. For instance, workers who have more than 2 year engagement period complain more severe symptoms, compared workers who have less than 2 year engagement period. 6. Long computer working time per day also increases VDT syndrome severity specially people who have more than 2 hours in working time in a day have much less severe symptoms, compared people whose daily working time exceeds 2 hours. 7. Specific body part which shows VDT syndrome symptoms is shoulder, wrist, neck, finger, eye, waist, arm in the order of severity. 8. Sensibility of VDT syndrome symptoms have effect on degree of vocational satisfaction.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.2
• /
• pp.371-381
• /
• 2011

Recently, there are some social issues that personal sensitive data in database were let out. The best method to protect these personal sensitive data is used by the database encryption method. But the encrypting database makes the query difficult. So, there are a lot of study to protect the database and increase the query efficiency as well. In this paper, we analysed recent research trend to protect the sensitive data and propose the combined method using buckets and the bloom filter for the medical database with range property. Compared to bucket index model, the proposed method can increase bucket index value and protect data distribution exposure. We can estimate that this proposed method can improve searching time and efficiency.