• Journal of the Korean Institute of Intelligent Systems
• /
• v.18 no.4
• /
• pp.437-444
• /
• 2008

This paper deals with the biometric template protection in the biometric system which has been widely used for personal authentication. First, we consider the structure of the biometric system and the function of its sub-systems and define the biometric template and identification(ID) information. And then, we describe the biometric template attack points of a biometric system and attack examples and provide their countermeasures. From this, we classify the vulnerability which can be protected by encryption and hashing techniques. For more detail investigation of these at real operating situations, we analyze them and suggest several protection methods for the typical application scheme of biometric systems such as local model, download model, attached model, and center model. Finally, we also handle the privacy problem which is most controversy issue related to the biometric systems and suggest some guidances of safeguarding procedures on establishing privacy sympathy biometric systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.10
• /
• pp.2708-2730
• /
• 2012

The growing concern for the protection of personal information has made it critical to implement effective technologies for privacy and data management. By observing the limitations of existing approaches, we found that there is an urgent need for a flexible, privacy-aware system that is able to meet the privacy preservation needs at both the role levels and the personal levels. We proposed a conceptual system that considered these two requirements: a graph-based, access control model to safeguard patient privacy. We present a case study of the healthcare field in this paper. While our model was tested in the field of healthcare, it is generic and can be adapted to use in other fields. The proof-of-concept demos were also provided with the aim of valuating the efficacy of our system. In the end, based on the hospital scenarios, we present the experimental results to demonstrate the performance of our system, and we also compared those results to existing privacy-aware systems. As a result, we ensured a high quality of medical care service by preserving patient privacy.

• The Journal of the Korea Contents Association
• /
• v.9 no.12
• /
• pp.787-796
• /
• 2009

The electronic commerce keeps going through a tremendous growth since the latter half of 1990's. But the consumer damages are being increased from characteristics such as non-confrontation, anonymity, internationality, unilaterality and possibility of temptation. Accordingly, this thesis has derived legal and systematic improvements for consumer protection in general as follows. First of all, it is necessary to extend the period to exercise the subscription withdrawal rights according to electronic commerce consumer protection law. Second, the electronic commerce has high possibility of causing errors by consumers because it is performed by non-confrontation and the accurate information must be provided to prevent errors in advance because it is not easy for consumers to prove their own errors. Third, a certification mark system on electronic agreement has to be adopted. Fourth, the legal, systematic and technological measures have to be adopted to prevent from having a sense of fear toward leaking or using personal information through a safe personal information management. Fifth, a strict supervision on internet trust mark is required. Finally, because the intervention or interference by a third party may take place through a hacking on messages or documents sent according to procedure in terms of online settlement, it is necessary to raise security on the system through a precise authentication between concerned parties.

• Annual Conference of KIPS
• /
• 2018.05a
• /
• pp.135-138
• /
• 2018

In Japan, 24th May 2013, the Act on the Use of Numbers to Identify a Specific Individual in the Administrative Procedure (From now on referred to as the My Number Act) had raised. My Number system is used to confirm that information on individuals possessed by multiple agencies such as administrative agencies and local governments are information of the same person. In this paper, we analyzed the all item assessment report of the Specific Personal Information Protection Assessment conducted in local governments in Japan, etc. We investigated two directions: (1) Adequacy of risk assessment and measures, (2) Reuse of the Assessment Report.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.4
• /
• pp.41-49
• /
• 2016

Smart Grid is a next generation of new power growth electrical grid which provide high quality of electrical service by using Information Technologies to increase intelligence and performance. By using Smart Grid system, it can support energy management such as increase quality of electrical power, decrease energy and decrease emissions. However, Smart Grid uses information of energy consumption and when Smart Grid collects information, it will create private information. In this thesis, it will address issues of security private information which caused by Smart Grid for administrative measure and efficiency of Smart Grid in domestic. Also, cryptographic module algorithm, latest security solutions and strong wireless security policy for network environment such as wireless communication Iinternet are require for Smart Grid perform successfully and protect national power network equipment from cyber-attack and can stop leakage of user's personal information. Finally, it is urgent to prepare protection measures of National industrial facilities and power grid which can prepare for a cyber terrorism and penetration attacks and build emergency countermeasure management team for Smart Grid are require for safe Smart Grid environment.

• Asia pacific journal of information systems
• /
• v.22 no.1
• /
• pp.53-77
• /
• 2012

Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.11
• /
• pp.195-200
• /
• 2020

Korea enacted the Protection of Public Interest Reporters Act in March 2011 to protect whistleblowers from acts of infringement of public interest in the private sector. Most acts of infringement of the public interest are carried out secretly within the organization, which is known to the outside world by reports from members of the organization who are well aware of the problems within the organization. However, whistleblowers are at a disadvantage due to reporting and are reluctant to report. In addition, measures are needed to strengthen institutional mechanisms such as confidentiality, protection of personal information, responsibility, and prohibition of disadvantageous measures to effectively protect reporters due to lack of practical protective measures. Therefore, practical protection measures for whistleblowers are needed in line with the purpose of protecting whistleblowers, and measures to expand the corresponding compensation system will also be needed. Therefore, in this study, we would like to review the main contents of the current system for protecting whistleblowers in Korea and suggest reasonable improvement measures for protecting whistleblowers.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.578-579
• /
• 2021

According to a survey on the infringement of SMEs, the level of technology protection capability is improving every year, but technology leaks and damage continue to occur. This shows that there is a need for a security management and supervision system that can strengthen the security awareness of SME executives and employees and maintain the security level continuously. The Personal Information & Information Security Management System(ISMS-P) authentication systems is the latest related standard, which has the problem of applying the same certification criteria without considering the types of certification target organizations such as ISPs, IDC, hospitals and schools, and SMEs.. In this paper, 73 evaluation items that can be specialized and applied to SMEs were derived by referring to ISMS-P certification and Personal Information Protection Management System (PIMS) certification. The results of the study show that the number of evaluation items decreased by 28.4% compared to the existing ISMS-P certification.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.05a
• /
• pp.663-666
• /
• 2012

Since September 30 2011, depending on Personal Information Protection Act article 29 and Act standard securing personal information safety the fifth clause of article 7, in case personal information manager of public and private enterprise saves unique indentifying information to internal network, the manager can enforce that decide checking of cryptographic application and a range of application following risk analysis criteria result. Until December 31 2012, enterprises complete the application of cryptographic technology or the equivalent. The paper is research and development on supporting tool that suggest risk analysis criteria based on personal information risk analysis criteria that be provided by MOPAS(Ministry Of Public Administration and Security) and KISA(Korea Internet Security Agency) for personal information processing.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.6B
• /
• pp.962-969
• /
• 2010

Recently, RFID technology can successfully be used to reduce medical errors. This technology can aid in the accurate matching of patients with their medications and treatments. The enthusiasm for using RFID technology in medical settings has been tempered by privacy concerns. In this paper, we propose a secure and efficient RFID authentication system to not only authenticate patients' authenticity but also protect patients' personal medical informations. The proposed system consists of RFID-based patient authentication protocol and database security protocol. As a result, since the proposed RFID authentication system provides strong security and efficiency, it can be used practically for patient authentication and personal medical information protection on the high technology medical environments such as u-Hospital and u-Healthcare.