• Journal of Digital Convergence
• /
• v.10 no.4
• /
• pp.279-286
• /
• 2012

The purpose of this study was identified the influence of introducing Electronic Medical Records (EMR) on reception attitude, based on literature investigation, the study converted utility and serviceability from Davis TAM Model into awareness of effects in computerized database except attitude variable. The electronic survey for doctors, nurses, medical technicians of a general hospital located in Gangwon-do was performed for 4 weeks from Nov, 11th, 2009 to Dec, 2nd and the collected data was computerized through SPSS 12.0. The factors influencing reception attitude were divided into 4 categories; basic characteristics of the individual, awareness of privacy protection, awareness of effects in computerized database, technological preparation and measured detailed specific variables. As the result of this, the factors influencing reception intention were different depending on recognizing the effectiveness caused by computerization of medical information. Especially, in terms of the difference between basic characteristics of the individual and awareness of privacy protection, there were significant distinctions among 3 sectors; general, transactional, online information management. The significant effects were identified from information management related to business or online information management depending on experiencing security education.

• Journal of the Korea Convergence Society
• /
• v.8 no.10
• /
• pp.29-35
• /
• 2017

In this paper, we describe certificate policy and characteristics in cooperation condition with Cooperative intelligent transport system and autonomous driving vehicle. Among the authentication functions of the vehicle, there is a pseudonym authentication function. This pseudonymity is provided for the purpose of protecting the privacy of information that identifies the vehicle driver, passenger or vehicle. Therefore, the purpose of the pseudonym certificate is to be used for reporting on BSM authentication or misbehavior. However, this pseudonym certificate is used in the OBE of the vehicle and does not have a cryptographic key. In this paper, we consider a method for managing a pseudonym authentication function, which is a key feature of the pseudonym certificate, such as location privacy protection, pseudonym function, disposition of linkage value or CRL, request shuffling processing by registry, butterfly key processing, The authentication policy and its characteristics are examined in detail. In connection with the management of pseudonymes of the vehicle, the attacker must record the BSM transmission and trace the driver or vehicle. In this respect, the results of this study are contributing.

• Informatization Policy
• /
• v.21 no.1
• /
• pp.17-34
• /
• 2014

The study on the structure of personal information flows is very important because government can measure and respond the risks caused by companies which collect personal information from other personal data users to operate their business. Recently, as the value of personal information is increasing, number of companies which intend to process a large scale of personal information is increasing too. Accordingly, the issue on the structure of personal data flow has become important for the leading personal information processors which receive far more personal information from others to comply the personal information protection laws. However, research on this issue has rarely performed so far. Therefore, this study proposes a framework for personal information data flow structure based on network theory. Theoretically, the results of the study may contribute to extending the application areas of the network theory to personal information area. Practically, the study may contribute to assisting regulatory authorities to find and monitor personal information processors.

• Journal of Intelligence and Information Systems
• /
• v.19 no.1
• /
• pp.125-139
• /
• 2013

Big data refers to the data that cannot be processes with conventional contemporary data technologies. As smart devices and social network services produces vast amount of data, big data attracts much attention from researchers. There are strong demands form governments and industries for bib data as it can create new values by drawing business insights from data. Since various new technologies to process big data introduced, academic communities also show much interest to the big data domain. A notable advance related to the big data technology has been in various fields. Big data technology makes it possible to access, collect, and save individual's personal data. These technologies enable the analysis of huge amounts of data with lower cost and less time, which is impossible to achieve with traditional methods. It even detects personal information that people do not want to open. Therefore, people using information technology such as the Internet or online services have some level of privacy concerns, and such feelings can hinder continued use of information systems. For example, SNS offers various benefits, but users are sometimes highly exposed to privacy intrusions because they write too much personal information on it. Even though users post their personal information on the Internet by themselves, the data sometimes is not under control of the users. Once the private data is posed on the Internet, it can be transferred to anywhere by a few clicks, and can be abused to create fake identity. In this way, privacy intrusion happens. This study aims to investigate how perceived personal information overload in SNS affects user's risk perception and information privacy concerns. Also, it examines the relationship between the concerns and user resistance behavior. A survey approach and structural equation modeling method are employed for data collection and analysis. This study contributes meaningful insights for academic researchers and policy makers who are planning to develop guidelines for privacy protection. The study shows that information overload on the social network services can bring the significant increase of users' perceived level of privacy risks. In turn, the perceived privacy risks leads to the increased level of privacy concerns. IF privacy concerns increase, it can affect users to from a negative or resistant attitude toward system use. The resistance attitude may lead users to discontinue the use of social network services. Furthermore, information overload is mediated by perceived risks to affect privacy concerns rather than has direct influence on perceived risk. It implies that resistance to the system use can be diminished by reducing perceived risks of users. Given that users' resistant behavior become salient when they have high privacy concerns, the measures to alleviate users' privacy concerns should be conceived. This study makes academic contribution of integrating traditional information overload theory and user resistance theory to investigate perceived privacy concerns in current IS contexts. There is little big data research which examined the technology with empirical and behavioral approach, as the research topic has just emerged. It also makes practical contributions. Information overload connects to the increased level of perceived privacy risks, and discontinued use of the information system. To keep users from departing the system, organizations should develop a system in which private data is controlled and managed with ease. This study suggests that actions to lower the level of perceived risks and privacy concerns should be taken for information systems continuance.

• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.25-36
• /
• 2019

With the development of information and communication technology, hospitals that electronically process and manage medical information of patients are increasing. However, if medical information is processed electronically, there is still room for infringing personal information of the patient or medical staff. Accordingly, in 2017, the International Organization for Standardization (ISO) published ISO TS 25237 Health Information - Pseudonymization[1]. In this paper, we examine the re - identification process based on ISO TS 25237, the procedure and the problems of our proposed method. In addition, we propose a new processing scheme that adds a re-identification procedure to our secure differential privacy method [2] by keeping a mapping table between de-identified data sets and original data as ciphertext. The proposed method has proved to satisfy the requirements of ISO TS 25237 trust service providers except for some policy matters.

• Journal of Digital Convergence
• /
• v.15 no.3
• /
• pp.187-193
• /
• 2017

Objects Internet-based healthcare services provide healthcare and healthcare services, including measurement of user's vital signs, diagnosis and prevention of diseases, through a variety of object internet devices. However, there is a problem that new security vulnerability can occur when inter-working with the security weakness of each element technology because the internet service based on the object Internet provides a service by integrating various element technologies. In this paper, we propose a user privacy protection model that can securely process user's healthcare information from a third party when delivering healthcare information of users using wearable equipment based on IoT in a mobile environment to a server. The proposed model provides attribute values for each healthcare sensor information so that the user can safely handle, store, and store the healthcare information, thereby managing the privacy of the user in a hierarchical manner. As a result of the performance evaluation, the throughput of IoT device is improved by 10.5% on average and the server overhead is 9.9% lower than that of the existing model.

• Journal of Information Technology Services
• /
• v.21 no.1
• /
• pp.1-19
• /
• 2022

With the revision of the Credit Information Use and Protection Act in August 2020, the MyData service based on open banking policy will take effect in January 2022. Nonetheless, the previous studies focused on the legal system or security-related issues of such service. Therefore, this paper conducted an empirical study on financial consumers aged 20 or older nationwide to analyze the factors which influence the intention to use MyData services based on open banking. Five characteristics representing open banking-based MyData service were derived through prior research, and a research model that combined value-based adoption model and privacy calculus theory was presented. The proposed research model and the relationship of its variables was analyzed using a sample of 400 users that is randomly selected. The results of empirical analysis showed that personalization had the greatest influence on benefits and reliability on sacrifice among service characteristics. They also suggested that MyData operators should devote themselves to providing customized services optimized for customers and establishing trust relationships. It was confirmed that both usefulness and enjoyment had a great influence on perceived value, and in terms of sacrifice, the burden of financial costs had a greater influence than privacy concerns. This study is meaningful in that it explored the psychological propensity of financial consumers to identify service utilization factors and presented a new approach that can contribute to the successful settlement of the domestic MyData industry.

• Informatization Policy
• /
• v.19 no.1
• /
• pp.74-90
• /
• 2012

This thesis analyzes the Apple Inc.'s case from the viewpoint of the necessity for the protection of information privacy related to location data as for information society and ubiquitous community. Meanwhile, the regulatory conformity to equilibrium of contradictional value between personal data protection and utilization of information is debated from the fundamental right as for constitutional law concept to the commercial and technological structure in terms of economic and business point. Therefore, this paper reaches the conclusion that the legislative system should form a harmonious relationship between legal protection and lawful utilization to reappraise the present condition of legalization on personal data protection from guaranteeing rights and interests of information subject in the perspective of human rights to information guarantee consequently. As a result, it is required to revaluate the lawfulness of the fine on the violation of administrative duty levied by KCC(Korea Communications Commission).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.883-899
• /
• 2012

This study will propose the policy priorities of cyber information security by AHP(Analytic Hierarchy Process) survey. The policy categories for AHP survey consist in the foundation of information security and activity of information security(1st hierarchy). In the second hierarchy, the foundation of information security was classified into laws-system, human resources, h/w-s/w technology and sociocultural awareness. And the activity of information security was divided into infrastructure protection, privacy protection, related industry promotion, and national security. Information policy alternatives were composed of 16 categories in the third hierarchy. According to the AHP result, in the perspective of policy importance, the modification of related laws was the first agenda in the policy priority, better treatment of professionals was the second, and the re-establishment of policy system was the third. In the perspective of policy urgency, the re-establishment of policy system was the first item, the modification of related laws was the second, and better treatment of professionals is the third.

• Journal of Digital Convergence
• /
• v.10 no.11
• /
• pp.389-394
• /
• 2012

The cloud computing is a system that provides IT resources service by using internet technologies, which grabs lots of attention today. Though cloud storage services provide service users with convenience, there is a problem in which data confidentiality is not guaranteed because it is hard for data owners to control the access to the data. This article suggested the technique by applying Public-Key Cryptosystem only to a block after dividing users' data into blocks in order to protect users' data in cloud system. Thus confidentiality and integrity are given to users' data stored in cloud storage server.