• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.5
• /
• pp.117-123
• /
• 2016

In recent years, Personal Health Record (PHR) has emerged as a patient-centric model of health information exchange. The Personal Health Record (PHR) owners enjoy the full right of accessing their records anywhere and anytime making storage and retrieval more efficient. Due to the sensitivity and confidential nature of the PHR, however, the PHR is maintained in a secure and private environment with the individual determining rights of access. In this paper, we propose a system which enables access to the user's PHR in the event of emergency. In emergency situation where the user is unconscious, the emergency staff can use the PHR information to request a emergency access to the PHR server based on the predefined rights of access for PHR. Under the proposed system, the PHR owner can specify a fine grain access control policy during emergency situations.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.44 no.6
• /
• pp.16-23
• /
• 2007

Changeable biometrics has been developed as a solution to problem of enhancing security and privacy. The idea is to transform a biometric signal or feature into a new one for the purposes of enrollment and matching. In this paper, we propose a changeable biometric system that can be applied to appearance based face recognition system. In the first step when using feature extraction, ICA(Independent Component Analysis) coefficient vectors extracted from an input face image are replaced randomly using their mean and variation. The transformed vectors by replacement are scrambled randomly and a new transformed face coefficient vector (transformed template) is generated by combination of the two transformed vectors. When this transformed template is compromised, it is replaced with new random numbers and a new scrambling rule. Because e transformed template is generated by e addition of two vectors, e original ICA coefficients could not be easily recovered from the transformed coefficients.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.53 no.3
• /
• pp.29-36
• /
• 2016

In cloud storages, as security of stored files and privacy of users become regarded as important concerns, secure cloud storages have been proposed, where stored files are encrypted with file owner's password and even the cloud service provider can not open the file contents. However, if the file owner forgets one's password, one can no longer access the file. To solve this problem, we propose a scheme for changing password for the secure cloud based on proxy re-encryption, which make the file owner enable to change password even when one forgets it. With the proposed scheme, only the file owner can change the password and re-encrypt the files securely because other user and even the service provider can not see the file contents.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.8
• /
• pp.103-112
• /
• 2024

This study was initiated with the aim of authenticating that inputs have not been tampered with without disclosing them in the case of computations where multiple inputs are entered by participants using the same key. In general, in the authentication stage, authentication is performed after the input value is disclosed, but we do not want to reveal the inputs until the end. This is a case of deviating from the traditional security model in which malicious participants exist in cryptography, but it is a malicious attack method that can actually occur enough. Privacy infringement or distortion of calculation results can occur due to malicious manipulation of input values. To prevent this, this study studied a method that can authenticate that the message is not a modified message without disclosing the message using the signature system, zero-knowledge proof, and commitment scheme. In particular, by modifying the ElGamal signature system and combining it with the commitment scheme and zero-knowledge proof, we designed and proved a verification protocol that the input data is not a modified data, and the efficiency was improved by applying batch verification between authentication.

• Information Systems Review
• /
• v.26 no.1
• /
• pp.57-71
• /
• 2024

There are several ways to assess the value of personal data, but there is no standard for evaluating data value. In the case of medical my data utilization platform services, it was found that when the platform company received the user's consent and received data for the purpose of data utilization, an average of about 4,000 credits was paid per user as compensation. As in the previous case, the value of personal information is mainly measured based on the value of each individual, not on specific items of personal information. However, as the number and type of personal information increases, the value of personal information must be measured by type. This study focuses on measuring the value of unstructured personal information, especially images, and proposes standards for unstructured personal information. By measuring the value of images, we will be able to help platform companies set credit standards for compensation per person when providing data and support objective and reasonable pricing when selling B2B data.

• The Journal of the Korea Contents Association
• /
• v.11 no.7
• /
• pp.60-69
• /
• 2011

As the mobile industry has developed, people have become to pursue more delicate information exchange and close relationships between individuals through it. According to such a request, Social Networking Services have been activated based on short messages. Moreover, in combination with smart phones, the needs for adding location information is recently increasing more and more. Security and Privacy problems, however, are raised because such location information is so sensitive and may be used maliciously by someone else. Especially, storing location information of family members in a public server may become a negative factor to hinder people from utilizing such services. Therefore, this paper proposes a location based SNS service using smart phones for home community that runs on a home server in a house so that relationships between family members at home may be closer and improved through utilizing the service.

• Journal of Korea Society of Industrial Information Systems
• /
• v.17 no.3
• /
• pp.59-68
• /
• 2012

Zero client-based cloud storage technology is gaining much interest as a tool to centralized management of organizational documents nowadays. Besides the well-known cloud storage's defects such as security and privacy protection, users of the zero client-based cloud storage point out the difficulty in browsing and selecting the storage category because of its diversity and complexity. To resolve this problem, this study proposes a method of intelligent document archiving by applying an algorithm-based automatic topic identification technology. Without user's direct definition of category to store the working document, the proposed methodology and prototype enable the working documents to be automatically archived into the predefined categories according to the extracted topic. Based on the proposed ideas, more effective and efficient centralized management of electronic documents can be achieved.

• Journal of Internet of Things and Convergence
• /
• v.6 no.2
• /
• pp.93-100
• /
• 2020

Although various home services are developed as increasing the number of home devices with wire and wireless connection, privacy infringement and private information leakage are occurred by unauthorized remote connection. It is almost caused by without of device authentication and protection of transmission data. In this paper, the devices' secret value are stored in a safe memory of a smartphone. A smartphone processes device authentication. In order to prevent leakage of a device's password, a shadow password multiplied a password by the private key is stored in a device. It is proposed mutual authentication between a smartphone and a device, and session key agreement for devices using recovered passwords on SRP. The proposed protocol is resistant to eavesdropping, a reply attack, impersonation attack.

• The KIPS Transactions:PartC
• /
• v.10C no.7
• /
• pp.867-878
• /
• 2003

In thls Paper, we Propose a new scheme, protecting information about the location of a mobile user against attacks from inside users of the mobile communication, especially the network providers. There have already been some proposals about how to protect location information of user in mobile communication environments〔1-5〕. Among them, Kesdogan et al.〔2, 3〕 proposed a new method, using so-called temporary pseudonyms and also described protection method against a passive and an active attack of network providers. However, the description of protection method against the active attack between the two is not clear. Moreover, there is an additional load that it should append a reachability manager〔1, 6〕 to the proposed system. Therefore, we propose a new scheme improving the above method of Kesdogan et al. and analyze its security and effectiveness.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.11
• /
• pp.495-502
• /
• 2013

In this paper, we present an anonymous authentication and location assurance protocol for secure location-aware services over vehicular ad hoc networks (VANETs). In other to achieve our goal, we propose the notion of a location-aware signing key so as to strongly bind geographic location information to cryptographic function while providing conditional privacy preservation which is a desirable property for secure vehicular communications. Furthermore, the proposed protocol provides an efficient procedure based on hash chain technique for revocation checking to effectively alleviate communication and computational costs on vehicles in VANETs. Finally, we demonstrate comprehensive analysis to confirm the fulfillment of the security objectives, and the efficiency and effectiveness of the proposed protocol.