• Journal of Korean Academy of Fundamentals of Nursing
• /
• v.14 no.2
• /
• pp.204-212
• /
• 2007

Purpose: The purpose of this study was to investigate the patient's perception of the nurse's behavior in protecting patient privacy and to make suggestions for medical facilities to increase protection of patient privacy. Method: The research was a survey study The data on protection of privacy in primary nursing, for physical privacy, of patient information and in private conversations were collected in October 2005 from 187 patients in a university hospital. Frequencies, means, t-test, ANOVA, and $x^2$-test were used to analyze the data. The SPSS 13.0 for Windows program was used. Results: The mean score for patients' perception of nurse protection of their privacy was 3.33. There were significant differences in perception of protecting patients' privacy according to gender for private conversation, according to level of education for all but physical nursing and for number of admissions for total score and for primary nursing. Conclusion: The results of this study suggest the following: a) Institutional polices and nursing guideline should be clearly stated as to the nurses' duty to protect patient privacy. b) Medical facilities should be arranged in a way that allows for the protection of patients' medical information, and should focus on patient privacy. c) It is necessary of nurses to receive periodic in-service education on protecting patient privacy.

• The Journal of Society for e-Business Studies
• /
• v.11 no.2
• /
• pp.13-30
• /
• 2006

Web services are independent on a platform and are suitable in the Ubiquitous environment which an interaction for each device. Ubiquitous web services can use various applied service in any network neighborhood or terminal. Main characteristic of Ubiquitous is context-awareness. Therefore, Ubiquitous web services must include context-aware control process and protect user privacy because context-aware environment collects privacy data. But current web services standard is not specially designed in respect of context-communication. Therefore, the framework which can add flexibility in transmission of context is required. Our Framework can give extension for context and can communicate flexibly Context information for every session. Therefore, Our Framework can solve overhead problem of context in SOAP message and protect user's privacy according to user preference.

• Journal of Internet Computing and Services
• /
• v.18 no.5
• /
• pp.23-30
• /
• 2017

For enjoying the convenience provided by location based services, the user needs to submit his or her location and query to the LBS server. So there is a probability that the untrusted LBS server may expose the user's id and location etc. To protect user's privacy so many approaches have been proposed in the literature. Recently, the approaches about using dummy are getting popular. However, there are a number of things to consider if we want to generate a dummy. For example, when generating a dummy, we have to take the obstacle and the distance between dummies into account so that we can improve the privacy level. Thus, in this paper we proposed an efficient dummy generation algorithm to achieve k-anonymity and protect user's privacy in LBS. Evaluation results show that the algorithm can significantly improve the privacy level when it was compared with others.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.8
• /
• pp.107-115
• /
• 2010

RFID (Radio Frequency IDentification) technology, automatic identification and data capture technologies in ubiquitous computing is an essential skill. Low-cost Radio Frequency Identification tags using memory and no physical contact due to the ease of use and maintenance of excellence are going to use expanded. However, it is possible to the illegal acquisition of the information between RFID tags and readers because RFID uses the RF signal, and the obtained information can be used for the purpose of location tracking and invasion of privacy. In this paper, we proposed the security scheme to protect against the illegal user location tracking and invasion of privacy. The security scheme proposed in this paper, using Gray Code and reduced the capacity of the calculation of the actual tags, However, it is impossible for the malicious attacker to track information because tag information transmitted from the reader is not fixed. Therefore, even if the tags information is obtained by a malicious way, our scheme provides more simple and safe user privacy than any other protection methods to protect user privacy, because not actual information but encrypted information is becoming exposed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.1
• /
• pp.282-304
• /
• 2014

Each cloud service has numerous owners and tenants, so it is necessary to construct a privacy preserving identity management and access control mechanism for cloud computing. On one hand, cloud service providers (CSP) depend on tenant's identity information to enforce appropriate access control so that cloud resources are only accessed by the authorized tenants who are willing to pay. On the other hand, tenants wish to protect their personalized service access patterns, identity privacy information and accessing newfangled cloud services by on-demand ways within the scope of their permissions. There are many identity authentication and access control schemes to address these challenges to some degree, however, there are still some limitations. In this paper, we propose a new comprehensive approach, called Privacy pReserving Identity and Access Management scheme, referred to as PRIAM, which is able to satisfy all the desirable security requirements in cloud computing. The main contributions of the proposed PRIAM scheme are threefold. First, it leverages blind signature and hash chain to protect tenant's identity privacy and implement secure mutual authentication. Second, it employs the service-level agreements to provide flexible and on-demand access control for both tenants and cloud services. Third, it makes use of the BAN logic to formally verify the correctness of the proposed protocols. As a result, our proposed PRIAM scheme is suitable to cloud computing thanks to its simplicity, correctness, low overhead, and efficiency.

• Journal of East-West Nursing Research
• /
• v.29 no.1
• /
• pp.24-32
• /
• 2023

Purpose: This study aims to examine level of perception and performance of privacy protection behavior of anesthesia and operating room (OR) nurses for patients who underwent general anesthesia surgery. Methods: Data collection was conducted from August 2020 to January 2021 for a total of 101 participants, consisting of 49 patients and 52 nurses. Independent t-test and Pearson's correlation were conducted using SPSS 21. Results: Anesthesia and OR nurses showed the highest score in patient privacy, followed by patient information management, body privacy, and the lowest score in communication. There was a significant difference between the patient information and the communication. Conclusion: Anesthesia and OR nurses had the highest level of perception and performance of patient privacy protection behavior for body privacy, and the lowest for communication. In addition, there was a significant difference in patient information management and communication. In order to protect the privacy of patients undergoing general anesthesia surgery, efforts are needed to learn standardized nursing knowledge, attitudes, and practice.

• Asia pacific journal of information systems
• /
• v.22 no.1
• /
• pp.53-77
• /
• 2012

Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

• Journal of information and communication convergence engineering
• /
• v.9 no.6
• /
• pp.701-705
• /
• 2011

RFID is a widely adopted in the field of identification technology these days. Radio Frequency IDentification (RFID) has wide applications in many areas including manufacturing, healthcare, and transportation. Because limited resource RFID tags are used, various risks could threaten their abilities to provide essential services to users. A number of RFID protocols have done by researcher in order to protect against some malicious attacks and threat. Existing RFID protocols are able to resolve a number of security and privacy issues, but still unable to overcome other security & privacy related issues. In this paper, we analyses security schemes and vulnerability in RFID application. Considering this RFID security issues, we survey the security threats and open problems related to issues by means of information security and privacy. Neither a symmetric nor an asymmetric cryptographic deployment is necessarily used with light weighted algorithm in the future.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.5
• /
• pp.282-296
• /
• 2013

With the emergence of cloud computing, more and more sensitive user data are outsourced to remote storage servers. The privacy of users' access pattern to the data should be protected to prevent un-trusted storage servers from inferring users' private information or launching stealthy attacks. Meanwhile, the privacy protection schemes should be efficient as cloud users often use thin client devices to access the data. In this paper, we propose a lightweight scheme to protect the privacy of data access pattern. Comparing with existing state-of-the-art solutions, our scheme incurs less communication and computational overhead, requires significantly less storage space at the user side, while consuming similar storage space at the server. Rigorous proofs and extensive evaluations have been conducted to show that the proposed scheme can hide the data access pattern effectively in the long run after a reasonable number of accesses have been made.

• International Commerce and Information Review
• /
• v.1 no.2
• /
• pp.249-271
• /
• 1999

This article deals with concept and theory of privacy and personal data on the basis of understanding of this matter, Especially concerns the infringement and protection of privacy and personal data that is violated by new media and electronic commercial transaction through case study and research of literature. The article seek to find out the resolution of legal problems on the protection of privacy and personal data. The resolution is in other words, that privacy and personal data protection law shall be established as a part of efforts to protect personal data and to activate electronic commercial transactions.