• Smart Media Journal
• /
• v.10 no.2
• /
• pp.100-109
• /
• 2021

As the COVID-19 vaccination begins, it is necessary to safely store and manage the vaccination history for vaccinated people, as well as provide only the minimal information for the requested purpose, not in the form of all or nothing, to the institution requesting vaccination personal information. This paper proposes a scheme to safely store and manage the people's vaccination records in a non-forgeable blockchain, and to ensure that users provide only the minimal information necessary to the verifier from their vaccination personal information. A user authorizes the verifier to access the information he has consented with by entering the fingerprint on his smartphone, and in this process, no personal information or secrets can be exposed to an attacker. In addition, it is guaranteed that it is neither possible to impersonate the user nor to steal user personal information even in the case of theft or loss of the smartphone, or leakage of information from the vaccination history management institution. Using the scheme, users have no fear on external exposure of personal information and follow-up damage due to excessive information provision by giving out only the minimal information suited to the verifier.

• Journal of Multimedia Information System
• /
• v.6 no.3
• /
• pp.125-130
• /
• 2019

In this paper, Blockchain is mentioned as the next-generation core IT technology. As an immature technology, there are not many practical use cases, but it is expected to be widely applied in various industries such as cryptocurrency, finance, public, etc. to increase efficiency and enable new services that did not exist in the past. Nevertheless, the generalization of blockchain technology is still difficult. In particular, from the viewpoint of personal information protection, GDPR of Europe, etc., is becoming stronger. Considering that the core of the blockchain is the change of information sharing and processing method, it is very important how the blockchain can affect, especially from the viewpoint of privacy, and how the Privacy Act can be applied to the blockchain. However, the discussion on this part also seems to be insufficient. Therefore, in this paper, blockchain By analyzing the implications and implications of technologies and services using them from the perspective of the Privacy Act, we will discuss how the blockchain will be used to prevent leakage of privacy.

• Journal of Digital Convergence
• /
• v.14 no.6
• /
• pp.253-261
• /
• 2016

As many people use internet through the various programs of PC and mobile devices, the possibility of private data leak is increasing. A program should be used after checking security of information flow. Security analysis of information flow is a method that analyzes security of information flow in program. If the information flow is secure, there is no leakage of personal information. If the information flow not secure, there may be a leakage of personal information. This paper proposes a method of analyzing information flow that facilitates SAT solver. The method translates a program that includes variables where security level is set into propositional formula representing control and information flow. The satisfiability of the formula translated is determined by using SAT solver. The security of program is represented through the result. Counter-example is generated if the program is not secure.

• Journal of the Korea Convergence Society
• /
• v.11 no.6
• /
• pp.37-42
• /
• 2020

In the field of public informatization maintenance business, the attacks of external illegal users such as unauthorized leakage, destruction, and alteration due to intentional or inadequate management of personal information are increasing. In order to prevent such security incidents in advance, it is necessary to develop and quantitatively manage SLA indicators. This study presents the privacy SLA indicators and suggests specific methods such as information collection method and timing of the privacy SLA indicators. In order to confirm the validity and reliability of the proposed SLA indicators, an online survey was conducted with a group of experts. As a result, it was evaluated that compliance rate of personal information destruction and compliance rate of personal information protection system would be effective when applied to new and revised SLA indicators in terms of importance and validity. In the future, using SLA indicators for personal information protection as a standard for public information maintenance will contribute to improving SW quality and securing safety.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• Journal of Digital Convergence
• /
• v.12 no.8
• /
• pp.187-196
• /
• 2014

Most Consumers don't pay attention the process of giving consent for the provision of personal information. The terms of giving consent of personal information provision including 3rd party provision related contents. Although personal information leakage were related 3rd party sharing, consumers can't recognize the details. Therefore, this study focused on the perception of 3rd party provision of personal information. Consumers recognized 3rd party as who are related the service offer or not. Consumers want to know the cases of personal information sharing to the 3rd party, and if the business operators got benefit to share personal information with 3rd party, consumers want to know the facts. To understand the terms easily, the format have to be revised and to be standardized. Standardization of consent forms is very important for consumers to understand the difficult documents and the development of the business system to collect and use consumer's personal information to guarantee the right to self-determination of personal information.

• The Journal of the Korea Contents Association
• /
• v.19 no.5
• /
• pp.194-204
• /
• 2019

The mobile payment app market has been expanding recently. However, the usage rate of mobile payment apps is not meeting service providers' expectations due to concerns about security and privacy. This study investigated how personal predisposition and how the security signals of the payment app affect users' perceived privacy and security risks, and how these factors ultimately affect the trust of mobile payment apps. The results showed that privacy concerns increase the risk of perceived personal information leaks and reduce perceived mobile system security, while familiarity, perceived reputation, and assurance seal reduce the risk of perceived personal information leaks and increase perceived mobile system security. Finally, it revealed that the reduced risk of perceived personal information leaks and the increased security of mobile systems had a positive impact on the reliability of mobile payment apps.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.673-689
• /
• 2015

Resident Registration Number(RRN) has been used broadly by public institutions or civilian departments as a means of personal identification due to its effectiveness and convenience in managing the information. Recently, because of personal information leakage including resident registration number, the potential damage is increasing public anxiety. In this situation, there have been demands requiring systems that can end the link between the resident registration number and personal information. In order to solve the problem, multiple alternatives are under consideration. In this research, we will discuss limits, needs for change of the system, and the basic concepts or traits that new registration number require. Also, by comparing the alternatives being discussed, we will analyze personal information security level and the cost required for reorganizing the system to present alternative that has high effectiveness.

• Journal of Digital Convergence
• /
• v.14 no.11
• /
• pp.45-51
• /
• 2016

Although the problem of personal data leakage is reported to be serious, there has been no research that tries to excavate out that real cause of the leakage in scientific prospective. Although this topic is considered to be crucial, there have been no literatures relevant to the topic, and the reason for this limitation is that scientific approach to this problem was not feasible. In this respect, in this paper a model for such scientific analysis and a methodology of analysis have been devised. Results show that the degree of rigidity turns out be the determinant that vindicates the degree of leakage. The notion of data rigidity is revealed to be very strongly correlated to the number of hacking incidents in each country. The notion of resident data freedom was then deployed in this paper to determine the world-wide ranking for a slew of different countries. The United Kingdom and the Republic of Korea turned out to be the two extreme countries that lie in the spectrum of the scale, with UK the most flexible and ROK one of the most rigid.

• Journal of Digital Convergence
• /
• v.16 no.1
• /
• pp.159-164
• /
• 2018

Biometric information does not need to be stored separately, and there is no risk of loss and no theft. For this reason, it has been attracting attention as an alternative authentication means for existing authentication means such as passwords and authorized certificates. However, there may be a privacy problem due to leakage of personal information stored in the server. To overcome these weaknesses, FIDO solved the problem of leakage of personal information on the server by using biometric information stored on the user device and authenticating. In this paper, we propose a multiple biometric authentication method that can be used in FIDO environment. In order to utilize multiple biometric information, fingerprints and EEG signals can be generated and used in FIDO system. The proposed method can solve the problem due to limitations of existing 2-factor authentication system by authentication using multiple biometric information.