• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.8C
• /
• pp.1076-1085
• /
• 2004

Privacy enforcement has been one of the most important problems in IT area. Privacy protection can be achieved by enforcing privacy policies within an organization's data processing systems. Traditional security models are more or less inappropriate for enforcing basic privacy requirements, such as privacy binding. This paper proposes an extended role-based access control (RBAC) model for enforcing privacy policies within an organization. For providing privacy protection and context based access control, this model combines RBAC, Domain-Type Enforcement, and privacy policies Privacy policies are to assign privacy levels to user roles according to their tasks and to assign data privacy levels to data according to consented consumer privacy preferences recorded as data usage policies. For application of this model, small hospital model is considered.

• ETRI Journal
• /
• v.43 no.5
• /
• pp.812-824
• /
• 2021

Recently, with an increase in Internet usage, users of online social networks (OSNs) have increased. Consequently, privacy leakage has become more serious. However, few studies have investigated the difference between privacy and actual behaviors. In particular, users' desire to change their privacy status is not supported by their privacy literacy. Presenting an accurate measurement of users' privacy status can cultivate the privacy literacy of users. However, the highly interactive nature of interpersonal communication on OSNs has promoted privacy to be viewed as a communal issue. As a large number of redundant users on social networks are unrelated to the user's privacy, existing algorithms are no longer applicable. To solve this problem, we propose a structural similarity measurement method suitable for the characteristics of social networks. The proposed method excludes redundant users and combines the attribute information to measure the privacy status of users. Using this approach, users can intuitively recognize their privacy status on OSNs. Experiments using real data show that our method can effectively and accurately help users improve their privacy disclosures.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.3
• /
• pp.151-159
• /
• 2014

Recently, spread of large amount Smartphones made users to download location-based service applications, which provided by application developers. These location-based service applications are convenient tool for users. Location-based service use technology to find location of user and provide information of user's location. Leakage of information of user's location and expose of privacy life raised new controversy. In this thesis, it will analyze relations of increase of Smartphone market, usage of Location-based service and severity of personal information leakage. Also, it will analyze examples of user's case of damage which caused by leakage personal information and find solutions to reduce damage of personal information leakage. In research, it will find cases of damage that cause by Location-based service. Also it will analyze and research cases of damage and present with graph and chart. In conclusion, to reduce and prevent from damage which caused by leakage personal information, it is important that users and application developers to realize danger of private and personal information leakage. Also, user's personal information must deal with cautiously and application developers have to research and develop the application with powerful security.

• Journal of Intelligence and Information Systems
• /
• v.19 no.1
• /
• pp.125-139
• /
• 2013

Big data refers to the data that cannot be processes with conventional contemporary data technologies. As smart devices and social network services produces vast amount of data, big data attracts much attention from researchers. There are strong demands form governments and industries for bib data as it can create new values by drawing business insights from data. Since various new technologies to process big data introduced, academic communities also show much interest to the big data domain. A notable advance related to the big data technology has been in various fields. Big data technology makes it possible to access, collect, and save individual's personal data. These technologies enable the analysis of huge amounts of data with lower cost and less time, which is impossible to achieve with traditional methods. It even detects personal information that people do not want to open. Therefore, people using information technology such as the Internet or online services have some level of privacy concerns, and such feelings can hinder continued use of information systems. For example, SNS offers various benefits, but users are sometimes highly exposed to privacy intrusions because they write too much personal information on it. Even though users post their personal information on the Internet by themselves, the data sometimes is not under control of the users. Once the private data is posed on the Internet, it can be transferred to anywhere by a few clicks, and can be abused to create fake identity. In this way, privacy intrusion happens. This study aims to investigate how perceived personal information overload in SNS affects user's risk perception and information privacy concerns. Also, it examines the relationship between the concerns and user resistance behavior. A survey approach and structural equation modeling method are employed for data collection and analysis. This study contributes meaningful insights for academic researchers and policy makers who are planning to develop guidelines for privacy protection. The study shows that information overload on the social network services can bring the significant increase of users' perceived level of privacy risks. In turn, the perceived privacy risks leads to the increased level of privacy concerns. IF privacy concerns increase, it can affect users to from a negative or resistant attitude toward system use. The resistance attitude may lead users to discontinue the use of social network services. Furthermore, information overload is mediated by perceived risks to affect privacy concerns rather than has direct influence on perceived risk. It implies that resistance to the system use can be diminished by reducing perceived risks of users. Given that users' resistant behavior become salient when they have high privacy concerns, the measures to alleviate users' privacy concerns should be conceived. This study makes academic contribution of integrating traditional information overload theory and user resistance theory to investigate perceived privacy concerns in current IS contexts. There is little big data research which examined the technology with empirical and behavioral approach, as the research topic has just emerged. It also makes practical contributions. Information overload connects to the increased level of perceived privacy risks, and discontinued use of the information system. To keep users from departing the system, organizations should develop a system in which private data is controlled and managed with ease. This study suggests that actions to lower the level of perceived risks and privacy concerns should be taken for information systems continuance.

• 한국경영정보학회:학술대회논문집
• /
• 2007.11a
• /
• pp.411-416
• /
• 2007

Only a few P3P-based privacy aware systems address the discrepancy between a service provider's privacy policy and the user's typical concerns-hence, putting service usage at risk. Moreover, since users are typically nomadic in pervasive computing services, their specific privacy concerns would dynamically change according to the surrounding context. This leads us to develop a dynamically adjusting P3P-based policy for a personalized, privacy-aware service as a core element of secure pervasive computing. Hence, the purpose of this paper is to propose a pervasive P3P-based negotiation mechanism for privacy control which functions in a dynamic and flexible way.

• The Journal of Information Systems
• /
• v.21 no.4
• /
• pp.55-79
• /
• 2012

LBS(Location-Based Service) is one of the smartphone application services which has been receiving great attention recently. Various applications of smartphone use LBS to provide innovative services. However, use of LBS raises privacy concerns because the location information of users is constantly exposed. Privacy calculus perspective attempts to understand the characteristics of the user's privacy. It is based on the risk-benefit analysis in the economics' perspective. That is, when the benefit expected through personal information disclosure is higher than risk, we are willing to provide personal information. This research suggested a research model based on the privacy calculus perspective to clarify the effect of information disclosure intention of smartphone LBS application users. Based on the main factors of privacy calculus, perception of privacy risk and privacy benefit, the relationship of the perceived value and the information disclosure intention was empirically analyzed by utilizing structural equation modeling(SEM) methodology. According to the results of the empirical analysis, it was found that all relations have statistically significant explanatory power except the relation between privacy concern and information disclosure intention. This study showed a strong evidence of antecedent factors based on privacy calculus of personal information disclosure in smartphone LBS applications.

• 한국경영정보학회:학술대회논문집
• /
• 2008.06a
• /
• pp.493-517
• /
• 2008

The purpose of this research is to identify effect of communication strategy as effectively communication method which is decreasing Internet Web site users' perceived information privacy concerns as important factor affecting to positive behavior or behavioral intentions on long-term relational outcome perspectives. This study suggests alternatives concepts and causal relationship about information privacy issues. First, it addressed collaborative communication strategy (CCS) model of effective communication method for Web site's IPP to users. Second, it provided comparing and integrating streams of information privacy research on long-term relational outcomes perspective. Third, it assessed effectiveness of Web site's IPP on organization legitimacy ensured continuous survival of organization. A research model was proposed and subsequent hypotheses were empirically tested with partial least square (PLS) based on 684 responses from the users of 21 Internet Website among entirely finance, recruit, portal /e-store Web site. It was learned that CCS(as a communication method) and relationship quality(representing long-term relational outcomes)was positively associated with decreasing user's IPC more than privacy risk. Also, legitimacy to information privacy practice positively associated with willingness to information providing more than negative effect of IPC. Lastly, their association strength was partially moderated by the type of real information sensitivity.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.10B
• /
• pp.648-659
• /
• 2005

One's identity on the Internet has been disclosed and abused without his consent. Personal information must be protected by appropriate security safeguard. An Individual should have the right to know whether his personal details have been collected and stored. This paper proposes various conceptual models for designing privacy enabling service architecture in the Internet identity management system. For the restriction of access to personal information, we introduce the owner's policy and the management policy The owner's policy should provide the user with enough information to manage easily and securely his data. To control precisely and effectively all personal information in the Identity provider, we propose the privacy management policy and the privacy authorization model.

• Management & Information Systems Review
• /
• v.30 no.3
• /
• pp.85-105
• /
• 2011

The primary purpose of this study is to examine the effects of privacy concern on user's satisfaction and continuance intention in SNS. Based on relevant literature reviews, this study posits five characteristics, that is, privacy concern, perceived usefulness, perceived enjoyment, satisfaction, and continuance intention as key factors. And then we structured a research model and hypotheses about relationship between these variables. A total 298 usable survey responses of SNS users have been employed in the analysis. The major findings from the data analyses are as follows. Firstly, privacy concern had a significant influence upon perceived usefulness and enjoyment, however, privacy concern had not a significant influence upon satisfaction Secondly, perceived usefulness and enjoyment had a positive influence upon satisfaction. Lastly, user's perceived usefulness, perceived enjoyment, and satisfaction had significantly related to continuance intention in SNS. From this study, we expect to suggest practical and managerial implications to SNS providers.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.12
• /
• pp.6169-6187
• /
• 2017

With the fast growth of mobile services, Mobile Cloud Computing(MCC) has gained a great deal of attention from researchers in the academic and industrial field. User authentication and privacy are significant issues in MCC environment. Recently, Tsai and Lo proposed a privacy-aware authentication scheme for distributed MCC services, which claimed to support mutual authentication and user anonymity. However, Irshad et.al. pointed out this scheme cannot achieve desired security goals and improved it. Unfortunately, this paper shall show that security features of Irshad et.al.'s scheme are achieved at the price of multiple time-consuming operations, such as three bilinear pairing operations, one map-to-point hash function operation, etc. Besides, it still suffers from two minor design flaws, including incapability of achieving three-factor security and no user revocation and re-registration. To address these issues, an enhanced and provably secure authentication scheme for distributed MCC services will be designed in this work. The proposed scheme can meet all desirable security requirements and is able to resist against various kinds of attacks. Moreover, compared with previously proposed schemes, the proposed scheme provides more security features while achieving lower computation and communication costs.