• The KIPS Transactions:PartC
• /
• v.18C no.6
• /
• pp.379-388
• /
• 2011

Ensuring the security of medical records is becoming an increasingly important problem as modern technology is integrated into existing medical services. As a consequence of the adoption of EMR(Electronic Medical Records) in the health care sector, it is becoming more and more common for a health professional to edit and view a patient's record. In order to protect the patient's privacy, a secure authentication model to access the electronic medical records system must be used. A traditional identity based digital certificate for the authenticity of EMR has private key management and key escrow of a user's private key. In order to protect the EMR, The traditional authentication system is based on the digital certificate. The identity based digital certificate has many disadvantages, for example, the private key can be forgotten or stolen, and can be easily escrow of the private key. Nowadays, authentication model using fingerprint recognition technology for EMR has become more prevalent because of the advantages over digital certificate -based authentication model. Because identity-based fingerprint recognition can eliminate disadvantages of identity-based digital certificate, the proposed authentication model provide high security for access control in EMR.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.627-628
• /
• 2022

There is no internationally accepted codified definition of digital trade because of the wide variety and scope of related industries and transactions(product + service + data) in general. Recently, innovative changes are taking place in digital trade due to the development of technologies such as IT due to the 4th industrial revolution, and advanced countries such as the US, EU, and Japan are including digital trade issues such as data movement liberalization in the negotiation agenda of the digital trade agreement. The issue with the liberalization of cross-border data movement is that freedom of data movement is necessary to vitalize digital trade, but it also increases the risk of information security and privacy violations. Looking at the directions of advanced countries, the US favors minimization of regulations, Europe favors regional single marketization, but passively opens up to the outside world, and China promotes independent markets through regulations. Therefore, measures to strengthen restrictions on cross-border data movement are an issue that has recently been implemented by each country or an international aggrement is scheduled to be reached soon, and Korea also needs a close response.

• Informatization Policy
• /
• v.26 no.3
• /
• pp.69-89
• /
• 2019

In order to implement smart cities that will become living spaces in the fourth industrial revolution era, detailed privacy information such as residents' living information, buildings and facilities information must be collected and processed in real time. While city functions and convenience for individuals are being facilitated, threats to personal information exposure and leakage are also likely to increase at the same time. Therefore, the design concept for personal information protection should be considered and accordingly reflected from the stages of smart city design, technology development and operation planning of intelligent information (AI) facilities. The results of the analysis show that for activation of smart cities and operation of data-driven cities, the concept of Privacy by Design (PbD) has already been introduced in the institutional, industrial and technological aspects, particularly in the cases of European countries and the US. In order to strengthen the local and global competitiveness of smart cities and the country, Korea also needs to actively deploy PbD as a strategy to secure a data-driven economy, which is the core strategy for smart cities. Therefore, the study suggests policy implications focused on approaches to legislative improvement and technology development support, which reflect the basic properties of PbD as defined in the study.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.9
• /
• pp.305-316
• /
• 2022

With the flood of digital data owing to the Internet of Things and big data, cloud service providers that process and store vast amount of data from multiple users can apply duplicate data elimination technique for efficient data management. The user experience can be improved as the notion of edge computing paradigm is introduced as an extension of the cloud computing to improve problems such as network congestion to a central cloud server and reduced computational efficiency. However, the addition of a new edge device that is not entirely reliable in the edge computing may cause increase in the computational complexity for additional cryptographic operations to preserve data privacy in duplicate identification and elimination process. In this paper, we propose an efficiency-improved duplicate data elimination protocol while preserving data privacy with an optimized user-edge-cloud communication framework by utilizing a trusted execution environment. Direct sharing of secret information between the user and the central cloud server can minimize the computational complexity in edge devices and enables the use of efficient encryption algorithms at the side of cloud service providers. Users also improve the user experience by offloading data to edge devices, enabling duplicate elimination and independent activity. Through experiments, efficiency of the proposed scheme has been analyzed such as up to 78x improvements in computation during data outsourcing process compared to the previous study which does not exploit trusted execution environment in edge computing architecture.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.6
• /
• pp.177-185
• /
• 2007

Lately, it is a trend that diffusion of Mobile Information Appliance that do various function by development of IT technology. There is function that do more convenient and efficient exchange information and business using mobile phone that is Mobile Information Appliance, but disfunction that is utilized by pointed end engineering data leakage, individual's privacy infringement, threat, etc. relationship means to use mobile phone is appeared and problems were appeared much. However, legal research of statute unpreparedness and so on need research and effort to prove delete, copy, integrity of digital evidence that transfer secures special quality of easy digital evidence to objective evidence in investigation vantage point is lacking about crime who use this portable phone. It is known that this Digital Forensic field is Mobile Forensic. In this paper. We are verify about acquisition way of digital evidence that can happen in this treatise through mobile phone that is Mobile Forensic's representative standing and present way to prove integrity of digital evidence using Hash Function.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.129-136
• /
• 2003

A representative payment broker system is SET and one of its signature shcemes is a dual digital signature scheme. A dual digital signature scheme expose neither user's payment information(credit card number etc.) to merchandiser, nor user's order information to bank So it keeps user's Privacy safe. The digital signature scheme like this is being necessary as E-commerce is revitalized. But a dual digital signature of SET is not appropriate for wireless environments because it needs so many computations and communications. In this paper, we propose a signcryption scheme that generates a polynomial using a payment information for merchandiser and an order information for bank in order to reduce communications. We analyze the problem of existing signcryption schemes and dual digital signature schemes. Also we analyze the security properties of the proposed scheme.

• Journal of the Korea Convergence Society
• /
• v.13 no.4
• /
• pp.25-37
• /
• 2022

The government and private companies are endeavoring to help the digital healthcare industry grow. This includes easing regulations on the big data industry such as the amendment of the Data 3 Act. Despite these efforts, however, there have been constant demands for the amendment of laws related to the medical field and for securing medical data transmissions. In this paper, the Data 3 Act of Korea and the legal system related to healthcare are examined. Then the legal, institutional, and technical aspects of the strategies are compared to understand the issues and implications. Based on this, a legal and institutional strategy suitable for the digital healthcare industry in Korea is suggested. Additionally, a direction to improve social perception along with technical measures such as safe de-identification processing and data transmission are also proposed. This study hopes to contribute to the spread of various convergent industries along with the digital healthcare industry.

• Journal of Convergence for Information Technology
• /
• v.11 no.10
• /
• pp.93-100
• /
• 2021

With the spread of digital trade, the share of digital trade under the global trade environment is increasing. However, since there is no international digital trade standard, the discussion to establish a new trade rule has important significance. Countries around the world are implementing digital trade policies in consideration of their own interests, but different regulatory policies are causing trade conflicts. In order to provide safeguards against personal information infringement due to the free movement of data across borders, major countries around the world have taken measures to localize data, and the EU has enacted GDPR. And the United States regards the imposition of the digital tax as a trade barrier, and some countries oppose the implementation of the digital tax for fear of negative impact on their countries. However, discussions on the global digital tax, centered on the OECD and the G20 are making progress. As it is highly likely that a digital tax agreement will be drawn up within this year, countermeasures must also be prepared. Therefore, this study presents implications for the future direction of Korea's trade policy by examining recent trends in digital trade norms and analyzing major issues in digital trade.

• Journal of KIISE:Information Networking
• /
• v.36 no.4
• /
• pp.297-308
• /
• 2009

In 2008, ETRI developed a new mobile digital ID wallet, in which anyone can store personal information and PKI credential. When the wallet is used, privacy protection is one of the most important problems and personal information should be protected under various usage scenarios such as exchanging sensitive information in on/off-line environments, joining as a new member in the web site, etc. In this paper, we propose a triangular trust management scheme that can effectively manage trustness and also protect sensitive personal information. This scheme relies on three techniques: PKI, reputation and condition (situation context). We implemented prototype of our scheme, and tested it under various scenarios, which showed that the proposed scheme can effectively be used for diverse cases.

• The Journal of the Korea Contents Association
• /
• v.21 no.9
• /
• pp.176-183
• /
• 2021

Digital medical technology is very effective and at the same time faces the challenge of protecting privacy. However, for contact tracking and exposure notification apps in COVID-19 environment, there is always a trade-off between privacy measures and the effectiveness of the app's use. Today, many countries have developed and used contact tracking and exposure notification apps in various forms to prevent the spread of COVID-19, but the suspicion of digital surveillance (digital panopticon) is unavoidable. Therefore, this study aims to identify the factors of personal information infringement and dissatisfaction through text mining analysis by extracting user reviews of "Self-Quarantine Safety Protection" in Korea. As a result of the text mining analysis, we derived four groups, 'Address recognition error', 'Exit warning error', 'Access error', and 'App. program error'. Since 'Address recognition error' and 'Exit warning error' can give the app users a strong perception that they are keeping under surveillanc by the app, transparent management of personal information protection and consent procedures related to personal information collection are required. In addition, if the other two groups are not corrected immediately due to an error in an app function or a program bug, the complaints of users can be maximized and a protest against the monitor can be raised.