• Journal of Digital Convergence
• /
• v.18 no.10
• /
• pp.23-31
• /
• 2020

As children's participation in online activities has recently increased, online services for children are also rapidly increasing, but children are not sufficiently guaranteed their rights. The purpose of this study is to classify and analyze issues related to the children's online privacy issues in Korea through the current status and case studies of application services mainly used by children. For this purpose, this research analyzed problems related to the children's online privacy protection according to the stage of using the application. As a result of the application content analysis, 1) issues of child identification, 2) effectiveness of notice and consent, and 3) issues of children's rights as subjects of information were derived. Based on the current status analysis, the policy implications were drawn based on the children's online privacy protection in the online environment, and suggestions were made for improvement.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.8C
• /
• pp.1076-1085
• /
• 2004

Privacy enforcement has been one of the most important problems in IT area. Privacy protection can be achieved by enforcing privacy policies within an organization's data processing systems. Traditional security models are more or less inappropriate for enforcing basic privacy requirements, such as privacy binding. This paper proposes an extended role-based access control (RBAC) model for enforcing privacy policies within an organization. For providing privacy protection and context based access control, this model combines RBAC, Domain-Type Enforcement, and privacy policies Privacy policies are to assign privacy levels to user roles according to their tasks and to assign data privacy levels to data according to consented consumer privacy preferences recorded as data usage policies. For application of this model, small hospital model is considered.

• The Journal of Society for e-Business Studies
• /
• v.9 no.3
• /
• pp.39-56
• /
• 2004

This study introduces consumer protection policies at domestic and overseas, regarding the current situation that is raised about, and analyzes how to promote e-commerce with consumer protection oriented. This article explores e-commerce protection policies aiming at enforcing consumer protection and introduces some strategies - enhancing consumer trust, improving electronic transaction disputation, personal information security and privacy and using authorized certificate. This paper aims at suggesting the method of promoting e-commerce through ensuring the consumer trust and decreasing the transaction cost.

• Korean Journal of Human Ecology
• /
• v.16 no.6
• /
• pp.1197-1209
• /
• 2007

The advance of digital contents industry shifts the focus of consumptions; from analogue to digital ones. It gives significant impact on individual life as well as overall society and culture, and it leads to the increased consumption of digital contents. Nevertheless, current digital contents industry fails to secure the sufficient consumer protection systems including relevant rules and laws which regulate the distribution, use, and other transaction activities of digital contents and the efforts, on the part of contents providers, to provide information to consumers and to protect them. Digital contents, by its nature, is different from the existing products so that its nature is likely to cause unique consumer problems totally different from the offline transactions and the electrical transactions of existing products. This study, therefore, aims to identify the possible problems which may be incurred by consumers in their use of digital contents, specify the types of consumer damages, and provide the underlying materials to improve the systems related to digital contents and take legally complementary measures for consumer protection. To identify the types of consumer damages, this study analyzed the results from consumer counselling cases, experts opinion survey, and FGI. For consumer damage cases, this study analyzed the consumer complaints received by open consumer counselling sites of the Korea Consumer Agency and Seoul Electronic Commerce Center. For experts opinion survey, it conducted questionnaire survey of the group of experts from digital contents manufacturers or providers, and those who treated consumer damages directly. For FGI analysis, it organized a panel of students and employees who had used digital contents to understand the types of consumer damages. The results of this study can be summed up as follows. Based on the results from consumer counselling cases, experts opinion survey, and FGI analysis, the consumer damages related to digital contents can be classified, in their nature, into economic or financial damages (25 cases), emotional or psychological ones (15 cases), time-related ones (7 cases), physical ones (4 cases), and privacy-related ones (i.e. leakage of personal data)(3 cases). More specifying the types of damages, damages can be subdivided into contract-, charge-, maintenance-, use-, individual-related ones and other ones. Among them, both contract- and charge-related damages appeared only in the economic or financial damages, whereas user-specific individual damages appeared only in physical and emotional or psychological ones. On the other hand, maintenance- and use-related damages and other ones were observed in both categories of economical or financial damages and time-related ones. Use- and privacy-related damages, in particular, caused emotional or psychological damages.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.13-26
• /
• 2006

RFID technology is evaluated as one of core technologies for ubiquitous environment, because of its various characteristics which barcode systems don't have. However, RFID systems have consumer's privacy infringement problems, such like information leakage and location tracing. We need RFID privacy protection protocols, that satisfy three essential security requirements; confidentiality, indistinguishability and forward security, in order to protect consumer's privacy perfectly. The most secure protocol, that satisfies all of the three essential security requirements, among existing protocols, is the hash-chain based protocol that Ohkubo proposed. Unfortunately this protocol has a big disadvantage that it takes very long time to identify a tag in the back-end server. In this paper, we propose a scheme to keep security just as it is and to reduce computation time for identifying a tag in back-end server. The proposed scheme shows the results that the identification time in back-end server is reduced considerably compared to the original scheme of Ohkubo protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.2C
• /
• pp.208-218
• /
• 2008

We are sure that RFID system should be a widely used automatic identification system because of its various advantages and applications. However, many people know that invasions of privacy in RFID system is still critical problem that makes it difficult to be used. Many works for solving this problem have focused on light-weight cryptographic functioning in the RFID tag. An agent scheme is another approach that an agent device controls communications between the tag and the reader for protecting privacy. Generally an agent device has strong security modules and enough capability to process high-level cryptographic protocols and can guarantees consumer privacy. In this paper, we present an enhanced mobile agent for RFID privacy protection. In enhanced MARP, we modified some phases of the original MARP to reduce the probability of successful eavesdropping and to reduce the number of tag's protocol participation. And back-end server can authenticate mobile agents more easily using public key cryptography in this scheme. It guarantees not only privacy protection but also preventing forgery.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.121-134
• /
• 2009

Consumer-centric marketing business is surely one of the most successful emerging business but it poses a threat to personal privacy. Between the service provider and the user there are many contrary issues to each other. The enterprise asserts that to abuse the privacy data which is anonymous there is not a problem. The individual only will not be able to willingly submit the problem which is latent. Web traffic analysis technology itself doesn't create issues, but this technology when used on data of personal nature might cause concerns. The most criticized ethical issue involving web traffic analysis is the invasion of privacy. So we need to inspect how many and what kind of personal informations being used and if there is any illegal treatment of personal information. In this paper, we inspect the operation of consumer-centric marketing tools such as web log analysis solutions and data gathering services with web browser toolbar. Also we inspect Microsoft explorer-based toolbar application which records and analyzes personal web browsing pattern through reverse engineering technology. Finally, this identified and explored security and privacy requirement issues to develop more reliable solutions. This study is very important for the balanced development with personal privacy protection and web traffic analysis industry.

• The Journal of the Korea Contents Association
• /
• v.10 no.9
• /
• pp.57-67
• /
• 2010

Smart grid technology can expand energy efficiency into the home by monitoring consumer energy usage in real time and communicating with household devices that respond to demands to shut off during periods of non-use, allowing individual consumers to control their electricity usage more effectively. But, the information collected on a smart grid will form a library of personal information, the mishandling of which could be highly invasive of consumer privacy. There will be major concerns if consumer-focused principles of transparency and control are not treated as essential design principles from beginning to end. In this paper, using. All-Or-Nothing Transform encryption mode for providing smart grid security, we propose efficient distributed data Management based on XOR operation. The contribution of this paper is to provide a secure algorithm that manages efficiently distributed data in the field of private data in smart grid environment.

• The Journal of Society for e-Business Studies
• /
• v.23 no.4
• /
• pp.1-17
• /
• 2018

Recently, most online firms are trying to provide personalized services based on customer's data. However, customers are reluctant to give their information to online firm because of concerns about data breach. Online firms are seeking to increase their trust by ensuring the protection of personal information for customers through privacy seal (e.g. e-privacy) or data breach insurance. This research examines the effects of privacy assurance(i.e. privacy seal, data breach insurance) on consumer behavior in online environment. An experiment based on the hypothetical scenario was conducted using a between-subjects 2 (type of privacy assurance) + 1 (control) design. We found that both privacy seal and data breach insurance increased perceived privacy trust. In addition, privacy seal has a positive effect on the intention to provide personal information through perceived privacy trust. Finally, in the case of the group with a high (low) disposition to trust, higher perceived privacy trust is formed through privacy seal (data breach insurance). Theoretical and practical implications are discussed.

• Proceedings of the Korea Contents Association Conference
• /
• 2006.11a
• /
• pp.443-446
• /
• 2006

RFID is the core of realizing ubiquitous environment. This is expected to improve economical effect through related industry revitalization, make-work, and so on, in the future, and to be linked to social see-through enhancement via national life change. However unchecked RFID use lets retailers collect unprecedented huge information and they link it to customer information database, so the voice of worry to bring about a result of trampling down consumer privacy doesn't make a negligible situation. Although RFID system is spreaded out socially, the servicing of law and system is not accomplished to protect individuals from personal information violation threat. At the same time, in ubiquitous computing environment, to protect individual information efficiently, from the step of planning and deciding this technology system, constitutional law, norm, the basic legal rights of the people, and so forth is to be considered. The objective of the research is to persent the privacy protection from the viewpoints of law on RFID.