• 디지털산업정보학회논문지
• /
• 제9권4호
• /
• pp.103-110
• /
• 2013

In Information Technology era, various amazing IT technologies, for example Big Data, are appearing and are available as the amount of information increase. The number of counselling for violation of personal data protection is also increasing every year that it amounts to over 160,000 in 2012. According to Korean Privacy Act, in the case of treating unique personal identification information, appropriate measures like encipherment should be taken. The technologies of encipherment are the most basic countermeasures for personal data invasion and the base elements in information technology. So various cryptography algorithms exist and are used for encipherment technology. Therefore studies on safer new cryptography algorithms are executed. Cryptography algorithms started from classical replacement enciphering and developed to computationally secure code to increase complexity. Nowadays, various mathematic theories such as 'factorization into prime factor', 'extracting square root', 'discrete lognormal distribution', 'elliptical interaction curve' are adapted to cryptography algorithms. RSA public key cryptography algorithm which was based on 'factorization into prime factor' is the most representative one. This paper suggests algorithm utilizing telescoping series as a safer cryptography algorithm which can maximize the complexity. Telescoping series is a type of infinite series which can generate various types of function for given value-the plain text. Among these generated functions, one can be selected as a original equation. Some part of this equation can be defined as a key. And then the original equation can be transformed into final equation by improving the complexity of original equation through the command of "FullSimplify" of "Mathematica" software.

• International Journal of Internet, Broadcasting and Communication
• /
• 제13권2호
• /
• pp.67-75
• /
• 2021

As pass the three revised bills, the Personal Information Protection Act was revised to have a larger application for personal information. For an industrial development through an efficient and secure usage of personal information, there is a need to revise the existing anonymity processing method. This paper modifies the Zero Knowledge Proofs algorithm among the anonymity processing methods to modify the anonymity process calculations by taking into account the reliability of the used service company. More detail, the formula of ZKP (Zero Knowledge Proof) used by ZK-SNAKE is used to modify the personal information for pseudonymization processing. The core function of the proposed algorithm is the addition of user variables and adjustment of the difficulty level according to the reliability of the data user organization and the scope of use. Through Setup_p, the additional variable γ can be selectively applied according to the reliability of the user institution, and the degree of agreement of Witness is adjusted according to the reliability of the institution entered through Prove_p. The difficulty of the verification process is adjusted by considering the reliability of the institution entered through Verify_p. SimProve, a simulator, also refers to the scope of use and the reliability of the input authority. With this suggestion, it is possible to increase reliability and security of anonymity processing and distribution of personal information.

• International Journal of Internet, Broadcasting and Communication
• /
• 제11권2호
• /
• pp.59-66
• /
• 2019

The emergence of new IT technologies and convergence industries, such as artificial intelligence, bigdata and the Internet of Things, is another chance for South Korea, which has established itself as one of the world's top IT powerhouses. On the other hand, however, privacy concerns that may arise in the process of using such technologies raise the task of harmonizing the development of new industries and the protection of personal information at the same time. In response, the government clearly presented the criteria for deidentifiable measures of personal information and the scope of use of deidentifiable information needed to ensure that bigdata can be safely utilized within the framework of the current Personal Information Protection Act. It strives to promote corporate investment and industrial development by removing them and to ensure that the protection of the people's personal information and human rights is not neglected. This study discusses the strategy of deidentifying personal information protection based on the analysis of fake news. Using the strategies derived from this study, it is assumed that deidentification information that is appropriate for deidentification measures is not personal information and can therefore be used for analysis of big data. By doing so, deidentification information can be safely utilized and managed through administrative and technical safeguards to prevent re-identification, considering the possibility of re-identification due to technology development and data growth.

• 디지털산업정보학회논문지
• /
• 제18권1호
• /
• pp.37-45
• /
• 2022

With the development of the 4th industry, big data using AI is being used in many areas of our lives, and the importance of data is increasing accordingly. In particular, as various services using personal information appear and hacking attacks that exploit them appear in various ways, the importance of personal information management is increasing. Personal information must be managed safely even when collecting, retaining, using, providing, and destroying personal information, and the rights of information subjects must be protected. In this paper, an analysis was performed on the notification of usage history during the protection of the rights of information subjects using the MyData model. According to the Personal Information Protection Act, users must be periodically notified of the use of personal information, so we notify each individual of the use of personal information through e-mail or SNS once a year. It is difficult to understand and manage which company use my personal information. Therefore, in this paper, a personal information usage history notification system model was proposed, and as a result of performance analysis, it is possible to provide the controllability, availability, integrity, source authentication, and personal information self-determination rights.

• 정보처리학회논문지:컴퓨터 및 통신 시스템
• /
• 제12권11호
• /
• pp.329-336
• /
• 2023

본 논문은 2023년 개정된 개인정보보호법 및 관련 법적 가이드 등을 분석하고, 개인정보 업무 위수탁 관계에서 필요한 항목을 통해 위수탁 계약에 대한 프레임워크를 제안하고, 국내에 부재한 수탁사 개인정보보호 현황 점검의 필수적으로 포함되어야 하는 공통항목을 제안함으로서, 개인정보 업무를 처리하는 수탁사의 기본적인 개인정보보호 역량의 강화와 필수적으로 수행하는 개인정보보호 점검에 대한 부담감을 완화하고 개인정보 유출 사고 발생 예방에 기여하고자 한다.

• International Journal of Computer Science & Network Security
• /
• 제23권12호
• /
• pp.81-90
• /
• 2023

Cloud computing is an emerging business model popularized during the last few years by the IT industry. Providing "Everything as a Service" has shifted many organizations to choose cloud-based services. However, some companies still fear shifting their data to the cloud due to issues related to the security and privacy. The paper suggests a novel Trust based Mutual Authentication Mechanism using Secret P-box based Mutual Authentication Mechanism (TbMAM-SPb) on the criticality of information. It uses a particular passcodes from one of the secret P-box to act as challenge to one party. The response is another passcode from other P-box. The mechanism is designed in a way that the response given by a party to a challenge is itself a new challenge for the other party. Access to data is provided after ensuring certain number of correct challenge-responses. The complexity can be dynamically updated on basis of criticality of the information and trust factor between the two parties. The communication is encrypted and time-stamped to avoid interceptions and reuse. Overall, it is good authentication mechanism without the use of expensive devices and participation of a trusted third party.

• 한국언론정보학보
• /
• 제76권
• /
• pp.151-182
• /
• 2016

디지털 시대에 개인의 프라이버시 및 인격권 보호를 위해 잊힐 권리(the right to be forgotten)를 보장해야 한다는 주장이 꾸준히 제기되어 왔다. 본 논문은 유럽에서 촉발된 잊힐 권리에 대한 논의가 개인정보보호를 중심으로 링크 삭제 청구권이라는 법적 권리로 구체화된 반면, 한국에서 진행되고 있는 잊힐 권리 관련 논의가 언론 기사로 인한 개인의 인격권 침해 전반에 대한 피해 구제 차원으로 확대되면서 기사 삭제 청구권을 포함하는 법적 권리로 변용돼 논의되는 상황에 주목했다. 이에 본 논문은 잊힐 권리의 개념 및 그 보호법익을 해외 사례를 통해 파악한 후, 국내의 표현의 자유 규제 법률들을 살펴봄으로써 현재 추진되고 있는 기사 삭제 청구권 신설의 타당성을 검토했다. 한국은 헌법 21조 4항, 정보통신망법, 형법상의 명예훼손죄와 모욕죄, 민사상 명예훼손 손해배상 규정, 언론중재법, 공직선거법, 방송통신심의위원회의 심의, 대법원 판례 등으로 인격권과 명예훼손을 구제하는 법망이 해외에 비해 꽉 짜여 있다. 따라서 본 논문은 여기에 추가해 언론중재법에 기사 삭제 청구권을 신설하는 것은, 링크 삭제 청구권을 인정하지만 언론 기사 자체를 삭제하지는 않는 세계적 추세와 결을 달리할 뿐 아니라, 상충하는 법익들을 비교형량할 때 표현의 자유를 심대하게 침해할 위험이 크다고 주장한다.

• 한국전자거래학회지
• /
• 제22권4호
• /
• pp.21-38
• /
• 2017

금융회사, 공공기관 등이 보유하고 있는 다양한 정보를 오픈 플랫폼을 통해 적극적으로 핀테크 기업에게 개방하고 있는 추세다. 본 연구에서는 개인정보보호법, 정보통신망 이용 및 촉진에 관한 법률 등 정보보호 관련 법상 개인정보처리의 "제3자 제공"과 "위탁"의 개념 차이를 살펴볼 것이다. 그리고 "위탁"과 달리 핀테크 기업처럼 "제3자 제공", 즉 일반적으로 "제휴" 관계인 경우 제공하는 기업의 법적 의무가 지나치게 완화되어 있는데 반해 정보유출 위험은 상대적으로 높기 때문에 현실에 맞는 정보보호 관련 법제도 정비를 제언하고자 한다. 또한 "제3자 제공"시 제공받는 기업이 스스로 정보보호 수준을 높일 수 있도록 정보보호 자가진단 체크리스트를 제시한다. 이를 통해 금융회사 오픈 플랫폼을 활용하는 31개 핀테크 기업을 진단한 결과, 수탁자보다 정보보호 수준이 상대적으로 미흡하다는 것을 확인하였다. 금융회사와 "제3자 제공" 관계인 핀테크 기업의 정보보호 수준이 높아질 수 있도록 체크 리스트의 적극적인 활용을 제언한다.

• 의료법학
• /
• 제13권1호
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• Asia pacific journal of information systems
• /
• 제21권3호
• /
• pp.71-96
• /
• 2011

Within the traditional medical delivery system, patients residing in medically vulnerable areas, those with body movement difficulties, and nursing facility residents have had limited access to good healthcare services. However, Information and Communication Technology (ICT) provides us with a convenient and useful means of overcoming distance and time constraints. ICT is integrated with biomedical science and technology in a way that offers a new high-quality medical service. As a result, rapid technological advancement is expected to play a pivotal role bringing about innovation in a wide range of medical service areas, such as medical management, testing, diagnosis, and treatment; offering new and improved healthcare services; and effecting dramatic changes in current medical services. The increase in aging population and chronic diseases has caused an increase in medical expenses. In response to the increasing demand for efficient healthcare services, a telehealth service based on ICT is being emphasized on a global level. Telehealth services have been implemented especially in pilot projects and system development and technological research. With the service about to be implemented in earnest, it is necessary to study its overall acceptance by consumers, which is expected to contribute to the development and activation of a variety of services. In this sense, the study aims at positively examining the structural relationship among the acceptance factors for telehealth services based on the Technology Acceptance Model (TAM). Data were collected by showing audiovisual material on telehealth services to online panels and requesting them to respond to a structured questionnaire sheet, which is known as the information acceleration method. Among the 1,165 adult respondents, 608 valid samples were finally chosen, while the remaining were excluded because of incomplete answers or allotted time overrun. In order to test the reliability and validity of the assessment scale items, we carried out reliability and factor analyses, and in order to explore the causal relation among potential variables, we conducted a structural equation modeling analysis using AMOS 7.0 and SPSS 17.0. The research outcomes are as follows. First, service quality, innovativeness of medical technology, and social influence were shown to affect perceived ease of use and perceived usefulness of the telehealth service, which was statistically significant, and the two factors had a positive impact on willingness to accept the telehealth service. In addition, social influence had a direct, significant effect on intention to use, which is paralleled by the TAM used in previous research on technology acceptance. This shows that the research model proposed in the study effectively explains the acceptance of the telehealth service. Second, the research model reveals that information privacy concerns had a insignificant impact on perceived ease of use of the telehealth service. From this, it can be gathered that the concerns over information protection and security are reduced further due to advancements in information technology compared to the initial period in the information technology industry, and thus the improvement in quality of medical services appeared to ensure that information privacy concerns did not act as a prohibiting factor in the acceptance of the telehealth service. Thus, if other factors have an enormous impact on ease of use and usefulness, concerns over these results in the initial period of technology acceptance may become irrelevant. However, it is clear that users' information privacy concerns, as other studies have revealed, is a major factor affecting technology acceptance. Thus, caution must be exercised while interpreting the result, and further study is required on the issue. Numerous information technologies with outstanding performance and innovativeness often attract few consumers. A revised bill for those urgently in need of telehealth services is about to be approved in the national assembly. As telemedicine is implemented between doctors and patients, a wide range of systems that will improve the quality of healthcare services will be designed. In this sense, the study on the consumer acceptance of telehealth services is meaningful and offers strong academic evidence. Based on the implications, it can be expected to contribute to the activation of telehealth services. Further study is needed to assess the acceptance factors for telehealth services, such as motivation to remain healthy, health care involvement, knowledge on health, and control of health-related behavior, in order to develop unique services according to the categorization of customers based on health factors. In addition, further study may focus on various theoretical cognitive behavior models other than the TAM, such as the health belief model.