• Journal of Information Technology Applications and Management
• /
• v.14 no.3
• /
• pp.151-168
• /
• 2007

RFID is an emerging technology and rapidly applied to various industries due to its high-tech characteristic and convenience. Although RFID provides valuable benefits. it might also generate serious privacy problems. Previous studies show that privacy issues should be incorporated in developing RFID systems and more detailed privacy protection methods. However. they just provide basic concept, rough guideline. and simple architecture about RFID privacy protection. Industry needs more structured framework and detailed systematic process to incorporate privacy issues into the RFID system. The purpose of this paper is to develop a framework and detailed process design of RFID privacy protection issues in retail industries. A framework is developed based on individual sensitivity concept, RFID contents, and interface with EPC global standard. Case study is applied to validate the framework and it turns out to be useful. It is expected that the proposed framework and process design would provide more systematic guide lines to solving RFID privacy problems.

• International Journal of Fuzzy Logic and Intelligent Systems
• /
• v.11 no.3
• /
• pp.197-203
• /
• 2011

Personal Identifiable Information (PII) is considered information that identifies or can be used to identify, contact, or locate a person to whom such information pertains or that is or might be linked to a natural person directly or indirectly. In order to recognize such data processed within information and communication technologies such as PII, it should be determined at which stage the information identifies, or can be associated with, an individual. For this, there has been ongoing research for privacy protection mechanism to protect PII, which now becomes one of hot issues in the International Standard as privacy framework and privacy reference architecture. Data processing flow models should be developed as an integral component of privacy risk assessments. Such diagrams are also the basis for categorizing PII. The data processing flow may not only show areas where the PII has a certain level of sensitivity or importance and, as a consequence, requires the implementation of stronger safeguarding measures. This paper propose a standard format for satisfying the ISO/IEC 29100 "Privacy Framework" and shows an implementation example for privacy reference architecture implementing privacy controls for the processing of PII in information and communication technology.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.5
• /
• pp.1717-1732
• /
• 2015

The widespread use of location-based services (LBSs), which allows untrusted service provider to collect large number of user request records, leads to serious privacy concerns. In response to these issues, a number of LBS privacy protection mechanisms (LPPMs) have been recently proposed. However, the evaluation of these LPPMs usually disregards the background knowledge that the adversary may possess about users' contextual information, which runs the risk of wrongly evaluating users' query privacy. In this paper, we address these issues by proposing a generic formal quantification framework,which comprehensively contemplate the various elements that influence the query privacy of users and explicitly states the knowledge that an adversary might have in the context of query privacy. Moreover, a way to model the adversary's attack on query privacy is proposed, which allows us to show the insufficiency of the existing query privacy metrics, e.g., k-anonymity. Thus we propose two new metrics: entropy anonymity and mutual information anonymity. Lastly, we run a set of experiments on datasets generated by network based generator of moving objects proposed by Thomas Brinkhoff. The results show the effectiveness and efficient of our framework to measure the LPPM.

• ETRI Journal
• /
• v.35 no.3
• /
• pp.501-511
• /
• 2013

Protecting privacy is an important goal in designing location-based services. Service providers want to verify legitimate users and allow permitted users to enjoy their services. Users, however, want to preserve their privacy and prevent tracking. In this paper, a new framework providing users with more privacy and anonymity in both the authentication process and the querying process is proposed. Unlike the designs proposed in previous works, our framework benefits from a combination of three important techniques: k-anonymity, timed fuzzy logic, and a one-way hash function. Modifying and adapting these existing schemes provides us with a simpler, less complex, yet more mature solution. During authentication, the one-way hash function provides users with more privacy by using fingerprints of users' identities. To provide anonymous authentication, the concept of confidence level is adopted with timed fuzzy logic. Regarding location privacy, spatial k-anonymity prevents the users' locations from being tracked. The experiment results and analysis show that our framework can strengthen the protection of anonymity and privacy of users by incurring a minimal implementation cost and can improve functionality.

• Journal of Information Processing Systems
• /
• v.5 no.1
• /
• pp.19-24
• /
• 2009

Many researchers have developed frameworks that are capable of handling context information and can be adapted and used by any Web service. However, no research involving the systematic analysis of existing frameworks has yet been conducted. This paper examines the Context Framework, an example of existing frameworks, using a Petri net, and analyzes its advantages and disadvantages. Then, a Petri net model - with its disadvantages removed - is introduced, and a new framework is presented on the basis of that model. The proposed PAWS (Privacy Aware Web Services) framework has a expendability for context management and communicates flexible context information for every session. The proposed framework can solve overhead problems of context in SOAP messages. It also protects user privacy according to user preferences.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.3
• /
• pp.157-164
• /
• 2006

Information is playing a key role in sufficing the needs of individual members of the society in today's rapidly changing environment. Especially, the cases of illegal gathering of privacy information will increase and the leakage of privacy information will grow as the individual activities in the ubiquitous computing environment. In this paper, we suggested the privacy framework in order to make design and implementation of secure and effective privacy management system. Ant we also introduced the methodology which is represent to 5 specific stages in order to suggest to the privacy system development guideline from the standpoints of the privacy system operator or developer. Especially, we tried to determine whether the suggested methodology can be effectively used in the real computing environment or not by making necessary investments in management (privacy policy) and technical (system architecture) sides. We believe that the privacy framework and methodology introduced in this research can be utilized to suggest new approach for showing direction from the privacy protection perspective, which is becoming more important in ubiquitous environments, and practical application rather than providing conceptual explanation from the views of engineer or developer.

• Journal of Information Processing Systems
• /
• v.13 no.6
• /
• pp.1613-1627
• /
• 2017

The concept of the Internet of Things (IoT) enables physical objects or things to be virtually accessible for both consuming and providing services. Undue access from irresponsible activities becomes an interesting issue to address. Maintenance of data integrity and privacy of objects is important from the perspective of security. Privacy can be achieved through various techniques: password authentication, cryptography, and the use of mathematical models to assess the level of security of other objects. Individual methods like these are less effective in increasing the security aspect. Comprehensive security schemes such as the use of frameworks are considered better, regardless of the framework model used, whether centralized, semi-centralized, or distributed ones. In this paper, we propose a new semi-centralized security framework that aims to improve privacy in IoT using the parameters of trust and reputation. A new algorithm to elect a reputation coordinator, i.e., ConTrust Manager is proposed in this framework. This framework allows each object to determine other objects that are considered trusted before the communication process is implemented. Evaluation of the proposed framework was done through simulation, which shows that the framework can be used as an alternative solution for improving security in the IoT.

• Asia pacific journal of information systems
• /
• v.28 no.2
• /
• pp.133-153
• /
• 2018

This study investigates responses to privacy concerns by analyzing the psychological and behavioral characteristics related to the disposition toward invoices of courier service users. To this end, we develop a theoretical framework by combining stimulus response theory, communication privacy management theory, the theory of reasoned action, and the theory of planned behavior. Based on the theoretical framework, we analyze the relationships between social influence, privacy propensity, privacy control, privacy risk, privacy concern, invoice disposition intention, and invoice disposition behavior in the context of courier services. To test our hypotheses, we survey courier service users in the U.S. and Korea. Using a structural equation model, we test the relationships among these various factors for the courier service users of the two countries. Results have distinct implications for the psychological and behavioral characteristics concerning the disposal of courier invoices and enable understanding of the characteristics of courier service customers of the two countries.

• The Journal of Society for e-Business Studies
• /
• v.11 no.2
• /
• pp.13-30
• /
• 2006

Web services are independent on a platform and are suitable in the Ubiquitous environment which an interaction for each device. Ubiquitous web services can use various applied service in any network neighborhood or terminal. Main characteristic of Ubiquitous is context-awareness. Therefore, Ubiquitous web services must include context-aware control process and protect user privacy because context-aware environment collects privacy data. But current web services standard is not specially designed in respect of context-communication. Therefore, the framework which can add flexibility in transmission of context is required. Our Framework can give extension for context and can communicate flexibly Context information for every session. Therefore, Our Framework can solve overhead problem of context in SOAP message and protect user's privacy according to user preference.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.3
• /
• pp.411-427
• /
• 2010

Data sharing is an essential process for collaborative works particularly in the banking, finance and healthcare industries. These industries require many collaborative works with their internal and external parties such as branches, clients, and service providers. When data are shared among collaborators, security and privacy concerns becoming crucial issues and cannot be avoided. Privacy is an important issue that is frequently discussed during the development of collaborative systems. It is closely related with the security issues because each of them can affect the other. The tradeoff between privacy and security is an interesting topic that we are going to address in this paper. In view of the practical problems in the existing approaches, we propose a collaborative framework which can be used to facilitate concurrent operations, single point failure problem, and overcome constraints for two-party computation. Two secure computation protocols will be discussed to demonstrate our collaborative framework.