• Asia pacific journal of information systems
• /
• v.20 no.2
• /
• pp.63-86
• /
• 2010

Personalized services directly and indirectly acquire personal data, in part, to provide customers with higher-value services that are specifically context-relevant (such as place and time). Information technologies continue to mature and develop, providing greatly improved performance. Sensory networks and intelligent software can now obtain context data, and that is the cornerstone for providing personalized, context-specific services. Yet, the danger of overflowing personal information is increasing because the data retrieved by the sensors usually contains privacy information. Various technical characteristics of context-aware applications have more troubling implications for information privacy. In parallel with increasing use of context for service personalization, information privacy concerns have also increased such as an unrestricted availability of context information. Those privacy concerns are consistently regarded as a critical issue facing context-aware personalized service success. The entire field of information privacy is growing as an important area of research, with many new definitions and terminologies, because of a need for a better understanding of information privacy concepts. Especially, it requires that the factors of information privacy should be revised according to the characteristics of new technologies. However, previous information privacy factors of context-aware applications have at least two shortcomings. First, there has been little overview of the technology characteristics of context-aware computing. Existing studies have only focused on a small subset of the technical characteristics of context-aware computing. Therefore, there has not been a mutually exclusive set of factors that uniquely and completely describe information privacy on context-aware applications. Second, user survey has been widely used to identify factors of information privacy in most studies despite the limitation of users' knowledge and experiences about context-aware computing technology. To date, since context-aware services have not been widely deployed on a commercial scale yet, only very few people have prior experiences with context-aware personalized services. It is difficult to build users' knowledge about context-aware technology even by increasing their understanding in various ways: scenarios, pictures, flash animation, etc. Nevertheless, conducting a survey, assuming that the participants have sufficient experience or understanding about the technologies shown in the survey, may not be absolutely valid. Moreover, some surveys are based solely on simplifying and hence unrealistic assumptions (e.g., they only consider location information as a context data). A better understanding of information privacy concern in context-aware personalized services is highly needed. Hence, the purpose of this paper is to identify a generic set of factors for elemental information privacy concern in context-aware personalized services and to develop a rank-order list of information privacy concern factors. We consider overall technology characteristics to establish a mutually exclusive set of factors. A Delphi survey, a rigorous data collection method, was deployed to obtain a reliable opinion from the experts and to produce a rank-order list. It, therefore, lends itself well to obtaining a set of universal factors of information privacy concern and its priority. An international panel of researchers and practitioners who have the expertise in privacy and context-aware system fields were involved in our research. Delphi rounds formatting will faithfully follow the procedure for the Delphi study proposed by Okoli and Pawlowski. This will involve three general rounds: (1) brainstorming for important factors; (2) narrowing down the original list to the most important ones; and (3) ranking the list of important factors. For this round only, experts were treated as individuals, not panels. Adapted from Okoli and Pawlowski, we outlined the process of administrating the study. We performed three rounds. In the first and second rounds of the Delphi questionnaire, we gathered a set of exclusive factors for information privacy concern in context-aware personalized services. The respondents were asked to provide at least five main factors for the most appropriate understanding of the information privacy concern in the first round. To do so, some of the main factors found in the literature were presented to the participants. The second round of the questionnaire discussed the main factor provided in the first round, fleshed out with relevant sub-factors. Respondents were then requested to evaluate each sub factor's suitability against the corresponding main factors to determine the final sub-factors from the candidate factors. The sub-factors were found from the literature survey. Final factors selected by over 50% of experts. In the third round, a list of factors with corresponding questions was provided, and the respondents were requested to assess the importance of each main factor and its corresponding sub factors. Finally, we calculated the mean rank of each item to make a final result. While analyzing the data, we focused on group consensus rather than individual insistence. To do so, a concordance analysis, which measures the consistency of the experts' responses over successive rounds of the Delphi, was adopted during the survey process. As a result, experts reported that context data collection and high identifiable level of identical data are the most important factor in the main factors and sub factors, respectively. Additional important sub-factors included diverse types of context data collected, tracking and recording functionalities, and embedded and disappeared sensor devices. The average score of each factor is very useful for future context-aware personalized service development in the view of the information privacy. The final factors have the following differences comparing to those proposed in other studies. First, the concern factors differ from existing studies, which are based on privacy issues that may occur during the lifecycle of acquired user information. However, our study helped to clarify these sometimes vague issues by determining which privacy concern issues are viable based on specific technical characteristics in context-aware personalized services. Since a context-aware service differs in its technical characteristics compared to other services, we selected specific characteristics that had a higher potential to increase user's privacy concerns. Secondly, this study considered privacy issues in terms of service delivery and display that were almost overlooked in existing studies by introducing IPOS as the factor division. Lastly, in each factor, it correlated the level of importance with professionals' opinions as to what extent users have privacy concerns. The reason that it did not select the traditional method questionnaire at that time is that context-aware personalized service considered the absolute lack in understanding and experience of users with new technology. For understanding users' privacy concerns, professionals in the Delphi questionnaire process selected context data collection, tracking and recording, and sensory network as the most important factors among technological characteristics of context-aware personalized services. In the creation of a context-aware personalized services, this study demonstrates the importance and relevance of determining an optimal methodology, and which technologies and in what sequence are needed, to acquire what types of users' context information. Most studies focus on which services and systems should be provided and developed by utilizing context information on the supposition, along with the development of context-aware technology. However, the results in this study show that, in terms of users' privacy, it is necessary to pay greater attention to the activities that acquire context information. To inspect the results in the evaluation of sub factor, additional studies would be necessary for approaches on reducing users' privacy concerns toward technological characteristics such as highly identifiable level of identical data, diverse types of context data collected, tracking and recording functionality, embedded and disappearing sensor devices. The factor ranked the next highest level of importance after input is a context-aware service delivery that is related to output. The results show that delivery and display showing services to users in a context-aware personalized services toward the anywhere-anytime-any device concept have been regarded as even more important than in previous computing environment. Considering the concern factors to develop context aware personalized services will help to increase service success rate and hopefully user acceptance for those services. Our future work will be to adopt these factors for qualifying context aware service development projects such as u-city development projects in terms of service quality and hence user acceptance.

• The Journal of Society for e-Business Studies
• /
• v.10 no.4
• /
• pp.53-81
• /
• 2005

Current DRM system has limitation in protection of user's privacy Therefore, many troubles are expected in service providing if it comes into the ubiquitous times of context-aware environment. HKUST Proposed a watermark-based web service DRM system. However, the relevant study does not consider ubiquitous environment and cannot provide service that considered a context. And privacy protection of a user is impossible. On the other hand, Netherlands Phillips laboratory indicated a privacy problem of a DRM system and they proposed an alternative method about this. However, in relevant study, a Sniffing/Replay attack is possible if communicated authentication information are exposed between a user and device. We designed web services adaptable privacy-aware DRM architecture which supplements these disadvantages. Our architecture can secure user authentication mechanism for sniffing/Replay attack and keep anonymity and protect privacy Therefore , we can implement the privacy-aware considered web service DRM system in Context-Aware environment.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.10
• /
• pp.2708-2730
• /
• 2012

The growing concern for the protection of personal information has made it critical to implement effective technologies for privacy and data management. By observing the limitations of existing approaches, we found that there is an urgent need for a flexible, privacy-aware system that is able to meet the privacy preservation needs at both the role levels and the personal levels. We proposed a conceptual system that considered these two requirements: a graph-based, access control model to safeguard patient privacy. We present a case study of the healthcare field in this paper. While our model was tested in the field of healthcare, it is generic and can be adapted to use in other fields. The proof-of-concept demos were also provided with the aim of valuating the efficacy of our system. In the end, based on the hospital scenarios, we present the experimental results to demonstrate the performance of our system, and we also compared those results to existing privacy-aware systems. As a result, we ensured a high quality of medical care service by preserving patient privacy.

• The KIPS Transactions:PartC
• /
• v.13C no.4 s.107
• /
• pp.415-426
• /
• 2006

The essential characteristic of ubiquitous is context-awareness, and that means ubiquitous computing can automatically process the data that change according to space and time, without users' intervention. However, in circumstance of context awareness, since location information is able to be collected without users' clear approval, users cannot control their location information completely. These problems can cause privacy issue when users access their location information. Therefore, it is important to construct the location information system, which decides to release the information considering privacy under the condition such as location, users' situation, and people who demand information. Therefore, in order to intercept an outflow information and provide securely location-based information, this paper suggests a new system based CS-RBAC with the existing LBS, which responds sensitively as customer's situation. Moreover, it accommodates a merit of PCP reflecting user's preference constructively. Also, through privacy weight, it makes information not only decide to providing information, but endow 'grade'. By this method, users' data can be protected safely with foundation of 'Role' in context-aware circumstance.

• The Journal of Society for e-Business Studies
• /
• v.11 no.2
• /
• pp.13-30
• /
• 2006

Web services are independent on a platform and are suitable in the Ubiquitous environment which an interaction for each device. Ubiquitous web services can use various applied service in any network neighborhood or terminal. Main characteristic of Ubiquitous is context-awareness. Therefore, Ubiquitous web services must include context-aware control process and protect user privacy because context-aware environment collects privacy data. But current web services standard is not specially designed in respect of context-communication. Therefore, the framework which can add flexibility in transmission of context is required. Our Framework can give extension for context and can communicate flexibly Context information for every session. Therefore, Our Framework can solve overhead problem of context in SOAP message and protect user's privacy according to user preference.

• Proceedings of the Korean Information Science Society Conference
• /
• 2011.06a
• /
• pp.116-119
• /
• 2011

Mobile devices are increasingly used, and changed persons' social habits of creating new relationship. While existed systems can not satisfied the principles of user-centered, convenient and ensure privacy. This paper describes an intelligent name-card exchange technique in context-aware smart phone, which has no verbose user operation, ability of intelligent match based on context-aware information, and privacy protection.

• 한국경영정보학회:학술대회논문집
• /
• 2007.11a
• /
• pp.411-416
• /
• 2007

Only a few P3P-based privacy aware systems address the discrepancy between a service provider's privacy policy and the user's typical concerns-hence, putting service usage at risk. Moreover, since users are typically nomadic in pervasive computing services, their specific privacy concerns would dynamically change according to the surrounding context. This leads us to develop a dynamically adjusting P3P-based policy for a personalized, privacy-aware service as a core element of secure pervasive computing. Hence, the purpose of this paper is to propose a pervasive P3P-based negotiation mechanism for privacy control which functions in a dynamic and flexible way.

• International Journal of Contents
• /
• v.13 no.1
• /
• pp.22-30
• /
• 2017

The diffusion of advanced mobile technology has introduced new types of personal information or 'location data'. These new data mean new opportunities for businesses, such as location-based services (LBS), but have resulted in new consumer anxieties regarding disclosure of personal information. This study examines the effects of the consumers' perceived control over "time-andplace" information in location-aware services on their perceived privacy risk. A total of 270 respondents participated in this study. Conditions of perceived privacy control were operationalized over time-and-place information, in a $2{\times}2$ factorial design. Results indicate that the perceived control over time-and-place personal information is a significant predictor of perceived risk, and control assurances over time-and-place information enhances the perception of control, thus alleviating the perceived risk. In addition, the effect is much more significant when time and place were combined.

• Journal of Computing Science and Engineering
• /
• v.2 no.2
• /
• pp.137-160
• /
• 2008

The increasing availability of personal location data pushed by the widespread use of location-sensing technologies raises concerns with respect to the safeguard of location privacy. To address such concerns location privacy-preserving techniques are being investigated. An important area of application for such techniques is represented by Location Based Services (LBS). Many privacy-preserving techniques designed for LBS are based on the idea of forwarding to the LBS provider obfuscated locations, namely position information at low spatial resolution, in place of actual users' positions. Obfuscation techniques are generally based on the use of geometric methods. In this paper, we argue that such methods can lead to the disclosure of sensitive location information and thus to privacy leaks. We thus propose a novel method which takes into account the semantic context in which users are located. The original contribution of the paper is the introduction of a comprehensive framework consisting of a semantic-aware obfuscation model, a novel algorithm for the generation of obfuscated spaces for which we report results from an experimental evaluation and reference architecture.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.4
• /
• pp.71-84
• /
• 2019

Various researchers conducted the research on two-factor authentication suitable for wireless sensor networks (WSNs) after Das first proposed two-factor authentication combining the smart card and password. After then, To improve the security of user authentication, elliptic curve cryptography(ECC)-based authentication protocols have been proposed. Jiang et al. proposed a privacy-aware two-factor authentication protocol based on ECC for WSM for resolving various problems of ECC-based authentication protocols. However, Jiang et al.'s protocol has the vulnerabilities on a lack of mutual authentication, a risk of SID modification and a lack of sensor anonymity, and user's ID exposed on sensor node Therefore, this paper proposed security enhanced privacy-aware two-factor authentication protocol for wireless sensor networks to solve the problem of Jiang et al.'s protocol, and security analysis was conducted for the proposed protocol.