• Title/Summary/Keyword: Protection of Personal Data

Design and Analysis of a Secure Protocol for the P3P Standard (S-P3P: P3P 표준을 반영한 보안 프로토콜 설계 및 분석)

  • Choi, Hyun-Woo;Jang, Hyun-Su;Ko, Kwang-Sun;Kim, Gu-Su;Eom, Young-Ik
    • The KIPS Transactions:PartC / v.14C no.7 / pp.545-552 / 2007
  • P3P (Platform for Privacy Preference), which is used in the World Wide Web, is a standard to define and negotiate policies about definition, transmission, collection, and maintenance of personal information. The current P3P standard provides methods that define the client personal information protection policy and the P3P policy associated with the web server. It also provides a method that compares these two policies. The current P3P standard, however, does not handle detail functions for safe transmission of the personal information and data. Also, it does not handle problems that can be induced by the detail functions. In this paper, in order to solve these problems, we propose a Secure P3P (S-P3P) protocol, which is a security protocol for the current P3P standard, offers mutual authentication between the web server and the client, and guarantees integrity and confidentiality of the messages and data. Furthermore, an S-P3P protocol provides non-repudiation on transmission and reception of personal information that is transmitted from the client to the web server.

A Study for Implementation of System for protecting Privacy data from IoT Things (IoT 장치의 개인정보 데이터 보호 시스템 구현에 관한 연구)

  • Kim, Seon Uk;Hong, Seong Eun;Bang, Jun Il;Kim, Hwa Jong
    • Smart Media Journal / v.10 no.2 / pp.84-91 / 2021
  • In the EU GDPR, when collecting personal information, the right of the information subject (user) to consent or refuse is given the highest priority. Therefore, the information subject must be able to withdraw consent and be forgotten and claim the right at any time. Especially, restricted IoT devices (Constrained Node) implement the function of consent of the data subject regarding the collection and processing of privacy data, and it is very difficult to post the utilization content of the collected information. In this paper, we designed and implemented a management system that allows data subjects to monitor data collected and processed from IoT devices, recognize information leakage problems, connect, and control devices. Taking into account the common information of the standard OCF (Open Connectivity Foundation) of IoT devices and AllJoyn, a device connection framework, 10 meta-data for information protection were defined, and this was named DPD (Data Protection Descriptor). We developed DPM (Data Protection Manager), a software that allows information subjects to manage information based on DPD.

De-identification of Medical Information and Issues (의료정보 비식별화와 해결과제)

  • Woo, SungHee
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2017.10a / pp.552-555 / 2017
  • It is de-identification that emerged to find the trade-off between the use of big data and the protection of personal information. In particular, in the field of medical that deals with various semi-identifier information and sensitive information, de-identification must be performed in order to use medical consultation such as EMR and voice, KakaoTalk, and SNS. However, there is no separate law for medical information protection and legislation for de-identification. Therefore, in this study, we present the current status of de-identification of personal information, the status and case of de-identification of medical information, and finally we provide issues and solutions for medical information protection and de-identification.

Personal Protective Equipment Availability and Utilization Among Interventionalists

  • Rose, Andre;Rae, William Ian Duncombe
    • Safety and Health at Work / v.10 no.2 / pp.166-171 / 2019
  • Objective: This study explored personal protective equipment (PPE) availability and PPE utilization among interventionalists in the catheterization laboratory, which is a highly contextualized workplace. Methods: This is a cross-sectional study using mixed methods. Participants (108) completed a survey. A hyperlink was sent to the participants, or they were asked to complete a paper-based survey. Purposively selected participants (54) were selected for individual (30) or group (six) interviews. The interviews were conducted at conferences, or appointments were made to see the participants. Logistic regression analysis was performed. The qualitative data were analyzed thematically. Results: Lead glasses were consistently used 10.2% and never used 61.1% of the time. All forms of PPE were inconsistently used by 92.6% of participants. Women were 4.3 times more likely to report that PPE was not available. PPE compliance was related to fit and availability. Conclusions: PPE use was inconsistent and not always available. Improving the culture of radiation protection in catheterization laboratories is essential to improve PPE compliance with the aim of protecting patients and operators. This culture of radiation protection must include all those involved including the users of PPE and the administrators and managers who are responsible for supplying sufficient, appropriate, fitting PPE for all workers requiring such protection.

The First Step toward Database Marketing Industry in Korea; KT SODiS Case (대한민국 데이터베이스 마케팅 인프라 구축을 위한 KT 소디스 사업의 마케팅 전략)

  • Kim, Byung-Do;Hong, Seongtae;Shin, Jong Chil;Kang, Myung Soo
    • Asia Marketing Journal / v.7 no.3 / pp.121-141 / 2005
  • Most of the people in marketing area know that database marketing has been one of the most powerful marketing tools and thus database marketing industry grows bigger and bigger. For both effective database marketing and database marketing industry, personal data are the very essential resources. Unfortunately, in Korea, both database marketing and database marketing industry stay far behind compared to other countries because it is practically very hard to legally trade personal data for database marketing purpose. Instead Korea has an illegal spam problem which might be a natural consequence of strong restriction on personal data in the situation of huge demand for personal data. KT SODiS can be called the frontier of Korea's database marketing industry since it is the first legal business in this area. In the first 5 months, SODiS obtained 2 million legal customer consents which can be the strong base to help database marketing activities of other companies. This case shows marketing strategies of KT SODiS to establish infrastructure for Korea's database marketing industry and suggests some future tasks to further develop the industry.

Design of EEG Signal Security Scheme based on Privacy-Preserving BCI for a Cloud Environment (클라우드 환경을 위한 Privacy-Preserving BCI 기반의 뇌파신호 보안기법 설계)

  • Cho, Kwon;Lee, Donghyeok;Park, Namje
    • Journal of KIISE / v.45 no.1 / pp.45-52 / 2018
  • With the advent of BCI technology in recent years, various BCI products have been released. BCI technology enables brain information to be transmitted directly to a computer, and it will bring a lot of convenience to life. However, there is a problem with information protection. In particular, EEG data can raise issues about personal privacy. Collecting and analyzing big data on EEG reports raises serious concerns about personal information exposure. In this paper, we propose a secure privacy-preserving BCI model in a big data environment. The proposed model could prevent personal identification and protect EEG data in the cloud environment.

An Access Control Model for Privacy Protection using Purpose Classification (사용목적 분류를 통한 프라이버시 보호를 위한 접근제어 모델)

  • Na Seok-Hyun;Park Seog
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.3 / pp.39-52 / 2006
  • Recently purpose is used by a crucial part to security management when collecting data about privacy. The W3C (World Wide Web Consortium) describes a standard spec to control personal data that is provided by data providers who visit the web site. But they don't say anymore about security management about personal data in transit after data collection. Recently several researches, such as Hippocratic Databases, Purpose Based Access Control and Hippocratic in Databases, are dealing with security management using purpose concept and access control mechanism after data collection a W3C's standard spec about data collection mechanism but they couldn't suggest an efficient mechanism for privacy protection about personal data because they couldn't represent purpose expression and management of purposes sufficiently. In this paper we suggest a mechanism to improve the purpose expression. And then we suggest an access control mechanism that is under least privilege principle using the purpose classification for privacy protection. We classify purpose into Along purpose structure, Inheritance purpose structure and Stream purpose structure. We suggest different mechanisms to deal with them. We use the role hierarchy structure of RBAC (Role-Based Access Control) for flexibility about access control and suggest mechanisms that provide the least privilege for processing the task in case that is satisfying using several features of purpose to get least privilege of a task that is a unit of business process.

Fraud Detection in E-Commerce

  • Alqethami, Sara;Almutanni, Badriah;AlGhamdi, Manal
    • International Journal of Computer Science & Network Security / v.21 no.6 / pp.312-318 / 2021
  • Lack of knowledge and digital skills is a threat to the information security of the state and society, so the formation and development of organizational culture of information security is extremely important to manage this threat. The purpose of the article is to assess the state of information security of the state and society. The research methodology is based on a quantitative statistical analysis of the information security culture according to the EU-27 2019. The theoretical basis of the study is the theory of defense motivation (PMT), which involves predicting the individual negative consequences of certain events and the desire to minimize them, which determines the motive for protection. The results show the passive behavior of EU citizens in ensuring information security, which is confirmed by the low level of participation in trainings for the development of digital skills and mastery of basic or above basic overall digital skills 56% of the EU population with a deviation of 16%. High risks to information security in the context of damage to information assets, including software and databases, have been identified. Passive behavior of the population also involves the use of standard identification procedures when using the Internet (login, password, SMS). At the same time, 69% of EU citizens are aware of methods of tracking Internet activity and access control capabilities (denial of permission to use personal data, access to geographical location, profile or content on social networking sites or shared online storage, site security checks). Phishing and illegal acquisition of personal data are the biggest threats to EU citizens. Problems related to information security have been identified: restrictions on the purchase of products, Internet banking, provision of personal information, communication, etc. The practical value of this research is the possibility of applying the results in the development of programs of education, training and public awareness of security issues.

Privacy Protection from Unmanned Aerial Vehicle (무인항공기 사생활 보호 방안)

  • Lee, Bosung;Lee, Joongyeup;Park, Yujin;Kim, Beomsoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.4 / pp.1057-1071 / 2016
  • Privacy-right infringement using unmanned aerial vehicle (UAV) usually occurs due to the unregistered small UAV with the image data processing equipment. In this paper we propose that privacy protection acts, Personal Information Protection Act, Information and Communications Network Act, are complemented to consider the mobility of image data processing equipment installed on UAV. Furthermore, we suggest the regulations for classification of small UAVs causing the biggest concern of privacy-right infringement are included in aviation legislations. In addition, technological countermeasures such as recognition of UAV photographing and masking of identifying information photographed by UAV are proposed.

Evaluation of Occupational, Facility and Environmental Radiological Data From the Centralized Radioactive Waste Management Facility in Accra, Ghana

  • Gustav Gbeddy;Yaw Adjei-Kyereme;Eric T. Glover;Eric Akortia;Paul Essel;Abdallah M.A. Dawood;Evans Ameho;Emmanuel Aberikae
    • Journal of Nuclear Fuel Cycle and Waste Technology (JNFCWT) / v.21 no.3 / pp.371-381 / 2023
  • Evaluating the effectiveness of the radiation protection measures deployed at the Centralized Radioactive Waste Management Facility in Ghana is pivotal to guaranteeing the safety of personnel, public and the environment, thus the need for this study. Radiagem™ 2000 was used in measuring the dose rate of the facility whilst the personal radiation exposure of the personnel from 2011 to 2022 was measured from the thermoluminescent dosimeter badges using Harshaw 6600 Plus Automated TLD Reader. The decay store containing scrap metals from dismantled disused sealed radioactive sources (DSRS), and low-level wastes measured the highest dose rate of 1.06 ± 0.92 µSv·h⁻¹. The range of the mean annual average personnel dose equivalent is 0.41-2.07 mSv. The annual effective doses are below the ICRP limit of 20 mSv. From the multivariate principal component analysis biplot, all the personal dose equivalent formed a cluster, and the cluster is mostly influenced by the radiological data from the outer wall surface of the facility where no DSRS are stored. The personal dose equivalents are not primarily due to the radiation exposures of staff during operations with DSRS at the facility but can be attributed to environmental radiation, thus the current radiation protection measures at the Facility can be deemed as effective.