• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.207-216
• /
• 2024

As big data was built due to the 4th Industrial Revolution, personalized services increased rapidly. As a result, the amount of personal information collected from online services has increased, and concerns about users' personal information leakage and privacy infringement have increased. Online service providers provide privacy policies to address concerns about privacy infringement of users, but privacy policies are often misused due to the long and complex problem that it is difficult for users to directly identify risk items. Therefore, there is a need for a method that can automatically check whether the privacy policy is safe. However, the safety verification technique of the conventional blacklist and machine learning-based privacy policy has a problem that is difficult to expand or has low accessibility. In this paper, to solve the problem, we propose a safety verification technique for the privacy policy using the GPT-3.5 API, which is a generative artificial intelligence. Classification work can be performed evenin a new environment, and it shows the possibility that the general public without expertise can easily inspect the privacy policy. In the experiment, how accurately the blacklist-based privacy policy and the GPT-based privacy policy classify safe and unsafe sentences and the time spent on classification was measured. According to the experimental results, the proposed technique showed 10.34% higher accuracy on average than the conventional blacklist-based sentence safety verification technique.

• Journal of Digital Convergence
• /
• v.14 no.12
• /
• pp.1-12
• /
• 2016

Today, with the popularity of smart phones and the proliferation of SNS, anyone is exposed to the risk of personal information leakage. Unlike the prior studies of privacy, this research aims to identify the privacy factors affecting the provision intention of individual information from the SNS Users. This study also analyses how the perceived privacy risks and corporate trust affect the provision intention of individual information. The analysis results of empirical data show that despite experiencing the privacy leakage such as direct hacking and being aware of the risk, people are providing firms with personal information. The most influential variables to perceived privacy risk are information privacy policy, information privacy concern, previous privacy experience and information privacy awareness in the decreasing order of importance. Those to the corporate trust are information privacy policy, information privacy awareness, previous privacy concern and information privacy experience. Besides, the corporate trust and the perceived privacy risk also affect the provision intention of personal information. Finally, this study proposes the implications for personal information privacy.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.10B
• /
• pp.648-659
• /
• 2005

One's identity on the Internet has been disclosed and abused without his consent. Personal information must be protected by appropriate security safeguard. An Individual should have the right to know whether his personal details have been collected and stored. This paper proposes various conceptual models for designing privacy enabling service architecture in the Internet identity management system. For the restriction of access to personal information, we introduce the owner's policy and the management policy The owner's policy should provide the user with enough information to manage easily and securely his data. To control precisely and effectively all personal information in the Identity provider, we propose the privacy management policy and the privacy authorization model.

• The Journal of Society for e-Business Studies
• /
• v.21 no.1
• /
• pp.131-145
• /
• 2016

This study built the theoretical frameworks for empirical analysis based on the analysis of the relationship among the concepts of risk of information privacy, the policy of information privacy via the provision studies. Also, in order to analyze the relationship among the factors such as the concern of information privacy, trust, intention to offer the personal information, this study investigated the concepts of information privacy and studies related with the privacy, and established a research model about the information privacy. Followings are the results of this study: First, the information privacy risk has the positive effects upon the information privacy concern and it has the negative effects upon the trust. Second, the information privacy policy has the positive effects upon the information privacy concern and it has the negative effects upon the trust. Third, the information privacy concern has the negative effects upon the trust. At last, the information privacy concern has the negative effects upon the provision intention of personal information and the trust has positive effects upon the offering intention of personal information.

• Journal of Digital Convergence
• /
• v.14 no.2
• /
• pp.65-72
• /
• 2016

This study built the theoretical frameworks for empirical analysis based on the analysis of the relationship among the concepts of risk of information privacy, the experience of information privacy, the policy of information privacy and information control via the provision intention studies. Also, in order to analyze the relationship among the factors such as the risk of information privacy, intention to offer the personal information, this study investigated the concepts of information privacy and studies related with the privacy, established a research model about the information privacy. Followings are the results of this study: First, the information privacy risk, information privacy experience, information privacy policy, and information control have positive effects upon the information privacy concern. Second, the information privacy concern has the negative effects upon the provision intention of personal information.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.1
• /
• pp.323-342
• /
• 2021

Personal health records (PHRs) is an electronic medical system that enables patients to acquire, manage and share their health data. Nevertheless, data confidentiality and user privacy in PHRs have not been handled completely. As a fine-grained access control over health data, ciphertext-policy attribute-based encryption (CP-ABE) has an ability to guarantee data confidentiality. However, existing CP-ABE solutions for PHRs are facing some new challenges in access control, such as policy privacy disclosure and dynamic policy update. In terms of addressing these problems, we propose a privacy protection and dynamic share system (PPADS) based on CP-ABE for PHRs, which supports full policy hiding and flexible access control. In the system, attribute information of access policy is fully hidden by attribute bloom filter. Moreover, data user produces a transforming key for the PHRs Cloud to change access policy dynamically. Furthermore, relied on security analysis, PPADS is selectively secure under standard model. Finally, the performance comparisons and simulation results demonstrate that PPADS is suitable for PHRs.

• Journal of Internet Computing and Services
• /
• v.9 no.2
• /
• pp.51-59
• /
• 2008

As the innovative IT are being developed and applied in the e-business environment, firms are recognizing the fact that amount of customer information is providing care competitive edge. However, sensitive privacy information are abused and misused, and it is affecting the firms to require appropriate measures to protect privacy information and implement security techniques to safeguard carparate resources. This research analyzes the threat of privacy information exposure in the e-business environment, suggest the IPM-Trusted Privacy Policy Model in order to resolve the related problem, and examines 4 key mechanisms (CAM, SPM, RBAC Controller, OCM) focused on privacy protection. The model is analyzed and designed to enable access management and control by assigning user access rights based on privacy information policy and procedures in the e-business environment. Further, this research suggests practical use areas by applying TPM to CRM in e-business environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.47-61
• /
• 2006

In the Internet era, enterprises want to use personal information of their own or other enterprises' subscribers, and even provide it to other enterprises for their profit. In this paper, a privacy authorization system for personal information based on privacy policies of users and enterprises is designed and implemented. Privacy policies of users and enterprises are described in XACML. Also, components of policy in XACML 2.0 such as Purpose, Obligation are suitable for expressing privacy policy. A prototype of privacy authorization system is implemented by modifying and extending the SUNXACML 1.2, a Sun's implementation of XACML 1.0 and some features of XACML 2.0, and GUI tools for composing and verifying are also developed.

• Information Systems Review
• /
• v.22 no.2
• /
• pp.101-120
• /
• 2020

This study investigates the effects of privacy psychological characteristics of B2C logistics services users on their willingness to comply with their logistics companies' information protection policy. Using cognitive valence theory as a theoretical framework, this study proposes a research model to examine the relationships between users' logistics security knowledge, privacy trust, privacy risk, privacy concern, and their willingness of information protection policy compliance. To test the proposed model, we conducted a survey from actual users of logistics services and collected valid 151 samples. We analyzed the data using a structural equation modeling software. The empirical results show that logistics security knowledge positively affects privacy trust; privacy concern positively influences privacy risk; privacy trust, privacy risk, and privacy concern positively influence behavioral willingness of compliance. However, logistics security knowledge does not affect behavioral willingness of compliance. The results of the study provide several contributions to the literature of B2C logistics services domain and managerial implications to logistics services companies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2768-2780
• /
• 2019

Ciphertext-policy attribute-based encryption (CP-ABE) is one of the practical technologies to share data over cloud since it can protect data confidentiality and support fine-grained access control on the encrypted data. However, most of the previous schemes only focus on data confidentiality without considering data receiver privacy preserving. Recently, Li et al.(in TIIS, 10(7), 2016.7) proposed a CP-ABE with hidden access policy and testing, where they declare their scheme achieves privacy preserving for the encryptor and decryptor, and also has high decryption efficiency. Unfortunately, in this paper, we show that their scheme fails to achieve hidden access policy at first. It means that any adversary can obtain access policy information by a simple decisional Diffie-Hellman test (DDH-test) attack. Then we give a method to overcome this shortcoming. Security and performance analyses show that the proposed scheme not only achieves the privacy protection for users, but also has higher efficiency than the original one.