• International Journal of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.1-8
• /
• 2023

This paper analyzes the trends of identification proofing services(PIPSs) to identify and authenticate users online and proposes a method to improve PIPS based on alternative means of resident registration numbers in Korea. Digital identity proofing services play an important role in modern society, but there are some problems. Since they handle sensitive personal information, there is a risk of information leakage, hacking, or inappropriate access. Additionally, online service providers may incur additional costs by applying different PIPSs, which results in online service users bearing the costs. In particular, in these days of globalization, different PIPSs are being used in various countries, which can cause difficulties in international activities due to lack of global consistency. Overseas online PIPSs include expansion of biometric authentication, increase in mobile identity proofing, and distributed identity proofing using blockchain. This paper analyzes the trend of PIPSs that prove themselves when identifying users of online services in non-face-to-face overseas situations, and proposes improvements by comparing them with alternative means of Korean resident registration numbers. Through the proposed method, it will be possible to strengthen the safety of Korea's PIPS and expand the provision of more reliable identification services.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.2
• /
• pp.591-608
• /
• 2023

With the emergence of advanced encryption technologies such as Quantum Cryptography and Full Disk Encryption, an era of strengthening information security has begun. Users respond positively to the advancement of privacy-enhancing technology, on the other hand, investigative agencies have difficulty unveiling the actual truth as they fail to decrypt devices. In particular, unlike past ciphers, encryption methods using biometric information such as fingerprints, iris, and faces have become common and have faced technical limitations in collecting digital evidence. Accordingly, normative solutions have emerged as a major issue. The United States enacted the CLOUD Act with the legal mechanism of 'Contempt of court' and in 2016, the United Kingdom substantiated the Compelled Decryption through the Investigatory Powers Act (IPA). However, it is difficult to enforce Compelled Decryption on individuals in Korea because Korean is highly sensitive to personal information. Therefore, in this paper, we sought a method of introducing a Compelled Decryption that does not contradict the people's legal sentiment through a perception survey of 95 people on the Compelled Decryption. We tried to compare and review the Budapest Convention with major overseas laws such as the United States and the United Kingdom, and to suggest a direction of legislation acceptable to the people in ways to minimize infringement of privacy. We hope that this study will be an effective legal response plan for law enforcement agencies that can normatively overcome the technical limitations of decoding.

• Journal of the Korean Society of Radiology
• /
• v.16 no.5
• /
• pp.627-637
• /
• 2022

The purpose of this study is to comply with the operation and management of medical image information in PACS, the necessity of anonymizing the patient's personal information and the management status of the medical image information related to the personal The purpose of this study was to raise, discuss, and suggest the need for unification and coherence of the law by studying the content of the issues related to information related laws. In order to utilize information related to medical image information, it is necessary to unify the "Medical Act" or the "Bioethics Act" for clear legal application and consider the legal system's consistency. Since there is a possibility of conflict due to issues that are not yet established, systematic coherence of the law is required to find the basic common denominator for the utilization and use of medical image information and to harmonize the law. In addition, the necessity of enacting the "Medical Information Protection Act" that can be practically applied and easily practiced by medical personnel and managers in the clinical field so that sensitive matters of medical image information and personal information can be protected and managed in a specific and systematic way.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.9
• /
• pp.2044-2055
• /
• 2015

Financial information systems play such a pivotal role in the financial institution services that are provided for a large customers on the basis of various information including the personal information. As for the personal information collected during the transactions in the financial information systems, huge efforts and investment have been made to protect previously them from being inappropriately misused or illegally used if they could be released. Unfortunately, the frequent accidents on the leakage of sensitive personal information have occurred recently not only by external service users but even by internal system users. Therefore, the aim of this study is to suggest a model of advanced two-channel authentication for internal users in order to increase the stability of financial information systems with enhanced security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.541-547
• /
• 2019

As leakage cases of personal information increase, the concern of personal information protection is also increasing. As a result, most applications encrypt and store sensitive information such as personal information. Especially, in case of instant messengers, it is more difficult to find database where is not encrypted and stored. However, this kind of database encryption acts as anti-forensic from the point of view of digital forensic investigation. In this paper, we analyze database encryption process of MalangMalang Talkcafe application which is one of instant messenger. Based on our analysis, we propose a decryption method and explain the meaningful information collected in the database.

• Journal of Convergence Society for SMB
• /
• v.4 no.4
• /
• pp.13-18
• /
• 2014

The usage rate of user due to advances in smartphone development is higher than the usage rate to use a PC. However, smartphone usage popularized research to protect sensitive information, such as smart phone users personal information, financial information is a small state. In this paper, we analyzed the various vulnerabilities in smartphone studies to date have been looking into the corresponding port smart consumer dispute resolution methods and criteria for smartphone security attack methods and analysis. In particular, the threat of such a network, malware, Peep attack of the security threats arising from the smartphone they can avoid or mitigate threats to minimize the smartphone security damage is done to the disclosure of personal information, such as direct damage or financial loss the analysis of that method.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.10
• /
• pp.2481-2490
• /
• 2015

The issue of PHR is maintained on the server will be in the hospital. PHR information stored on the server, such as a patient's illness and treatment is very sensitive information. Therefore, patients should be guaranteed the protection of privacy. In addition, the PHR should be allowed to group access of it's approach. Therefore, in this paper the proposed group signature using hierarchical identity-based encryption schemes into can guarantee the PHR data privacy. The session key generated by group signature, it is use a tiered approach. The generated session keys safe PHR data transmission is possible. The proposed method is average 80% than the PKI encryption and ID-based encryption rather than average 50% the algorithm processing is more efficient

• Asia pacific journal of information systems
• /
• v.8 no.2
• /
• pp.85-104
• /
• 1998

It is assumed that employees' ethical judgements and attitudes in handling personal and organizational information differ, depending upon their hierarchical ranks in organizations and types of information. Therefore we investigated how differently employees at different ranks judge hypothetical behaviors(or situations); their manner of handling various types of information in their daily activities in business organizations. Sixteen hypotheses based on combinations of 3 ethical areas and 5 information types were developed and tested. We found that three management ranks have shown significantly different ethical attitude about i)the accessibility to strategic planning and managerial information and ii)the property of managerial, operational and informal information. This research can help organizations to design better education programs and ethical codes to guide employees who process sensitive information.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1832-1853
• /
• 2018

The personal health record (PHR) system is a promising application that provides precise information and customized services for health care. To flexibly protect sensitive data, attribute-based encryption has been widely applied for PHR access control. However, escrow, exposure and abuse of private keys still hinder its practical application in the PHR system. In this paper, we propose a coordinated ciphertext policy attribute-based access control with user accountability (CCP-ABAC-UA) for the PHR system. Its coordinated mechanism not only effectively prevents the escrow and exposure of private keys but also accurately detects whether key abuse is taking place and identifies the traitor. We claim that CCP-ABAC-UA is a user-side lightweight scheme. Especially for PHR receivers, no bilinear pairing computation is needed to access health records, so the practical mobile PHR system can be realized. By introducing a novel provably secure construction, we prove that it is secure against selectively chosen plaintext attacks. The analysis indicates that CCP-ABAC-UA achieves better performance in terms of security and user-side computational efficiency for a PHR system.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.173-180
• /
• 2015

The advent of personal healthcare record(PHR) technology has been changing the uses as well as the paradigm of internet services, and emphasizing the importance of services being personalization. But the problem of user's privacy infringement and leaking user's sensitive medical information is increasing with the fusion of PHR technology and healthcare. In this paper, we propose a security labeling scheme for privacy protection in PHR system. In the proposed scheme, PHR data can be labeled also manually based on patient's request or the security labelling rules. The proposed scheme can be used to control access, specify protective measures, and determine additional handling restrictions required by a communications security policy.