• The Journal of the Korea Contents Association
• /
• v.9 no.3
• /
• pp.28-38
• /
• 2009

Login process uses both ID and password information to authenticate someone and to permit its access privilege on system. However, an attacker can get those ID and password information by using existing packet sniffing or key logger programs. It cause privacy problem as those information can be used as a hacking and network attack on web server and web e-mail system. Therefore, a more secure and advanced authentication mechanism should be required to enhance the authentication process on existing system. In this paper, we propose a multi-factor authentication process by using software form of secure card system combined with existing ID/Password based login system. Proposed mechanism uses a random number generated from the his/her own handset with biometric information. Therefore, we can provide a one-time password function on web login system to authenticate the user using multi-factor form. Proposed scheme provide enhanced authentication function and security because it is a 'multi-factor authentication mechanism' combined with handset and biometric information on web login system.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.20 no.5
• /
• pp.659-664
• /
• 2010

This paper provides an integrated framework for biometric data and private information protection in TeleHealth. Biometric technology is indispensable in providing identification and convenience in the TeleHealth environment. Once biometric information is exposed to mallicious attacker, he will suffer great loss from the illegferuse of his biometric data by someone else because of difficulty of change not like ID and password. We have to buil by someone esystem data bon the integrated framework for biometric data and private information protection in TeleHealth. First, we consider the structure of the biometric system and the security requirements of y someone esystem data bon the biometrics. And then, we define the TeleHealth system model and provide the vulnerabilities and countermeasures of the biometric-data by someone eintegrated model.byhe TeleHealth sse bec requires two-phata authentication for countermeasure. Finally, we made some functionferrequirements for main componenets of biometric-data bintegrated TeleHealth system framework to protect biometric data.

• Journal of Korean Society for Quality Management
• /
• v.49 no.4
• /
• pp.483-503
• /
• 2021

Purpose: The purpose of this study is to investigate the service quality factors in terms of customer trust, satisfaction and loyalty of the Korean telecommunication companies(SKT, KT, LG U+). Specifically, this study presents new business strategies of the each company, thereby pursuing the innovation for mature stage. Methods: To analyze the telecommunication service quality factors that contribute to customer trust, satisfaction and loyalty, this study conducted a survey targeting customers of each company. Using the data collected, the research model was built, and empirical analysis was performed through statistical processing to verify the model. Furthermore, the clarification of each hypothesis were held including the comparison analysis of each company data. Results: The results of this study are as follows; (1) When it comes to total dataset, all quality factors including trust, satisfaction and loyalty showed significant relationship, accepting every hypothesis. (2) However, for SKT and LG U+, empathy showed no significant impact on trust while the others showed significant effect. (3) Finally for KT, all service quality factors such as responsiveness, empathy, security, and customer enablement had a significant effect on trust. Conclusion: As the development of platform industry are intensified, telecommunication companies are required to manage service quality factors thoroughly, especially focusing on customer privacy and security.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.49-60
• /
• 2019

Medical record is part of the personal information that values the dignity and value of an individual, and can lead to serious social prejudice and disadvantage to an individual when it is breached illegally. In addition, the medical record has been highly threatened because its value is relatively high, and external threats are continuing. In this paper, we propose a medical record sharing framework that guarantees patient's privacy based on blockchain using ciphertext policy-based attribute based proxy re-encryption scheme. The proposed framework first uses the blockchain technology to ensure the integrity and transparency of medical records, and uses the stealth address to build the unlinkability between physician and patient. Besides, the ciphertext policy attribute-based proxy re-encryption scheme is used to enable fine-grained access control, and it is possible to share information in emergency situations without patient's agreement.

• Journal of Platform Technology
• /
• v.8 no.1
• /
• pp.10-15
• /
• 2020

Recently, various industrial sectors have introduced cloud service actively in their business because cloud computing technology enables storage·management and analysis·utilization of data easily in anytime, anywhere. Especially in financial sector, the business provocatively adopted the service and creates various innovative cases; furthermore, already in abroad, the sector has been accelerating digitization of analysis in cases of credit risk, financial fraud data, stock trading etc. On the contrary, in the domestic financial industry, not only the cloud service introduction and innovation cases are underperformed, but most of them are focused on the back-office service. Most Korean financial corporations are burdened with the adoption of cloud service due to various conservative regulatory requirements, such as regulations on data storage and management, regulations on privacy, and other tasks such as developing decision models and establishing responsibility standard for security incidents and service failures. In this study, it would be aimed to contribute to promote the introduction of the cloud in the domestic financial sector by drawing up preemptive challenges and inspecting priorities.

• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.53-63
• /
• 2020

In accordance with the revision of the Data 3 Act, such as the Personal Information Protection Act, it is possible to process pseudonym information without the consent of the information subject for statistical creation, scientific research, and preservation of public records, and unlike personal information, it is legal for personal information leakage notification and personal information destruction There are exceptions. It is necessary to revise the pseudonym information in that the standard for the pseudonym processing differs by country and the identification guidelines and anonymization are identified in the guidelines for non-identification of personal information in Korea. In this paper, we focus on the use of personal information in accordance with the 4th Industrial Revolution, examine the concept of pseudonym information for safe use of newly introduced pseudonym information, and generate / use / provide / destroy domestic and foreign non-identification measures standards and pseudonym information. At this stage, through the review of the main contents of the law or the enforcement ordinance (draft), I would like to make suggestions on future management / technical protection measures.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.151-156
• /
• 2023

Currently, ICT is widely used in caring for the elderly living alone and preventing the disappearance of the elderly with dementia. Therefore, in this study, based on the government policy direction for the 4th industrial revolution, the use of AI technology-based care services, which are gradually increasing in community care, was sought to explore the current status and prospects for utilization and activation.AI speakers and caring robots, services that can be used for community care, help solve various problems experienced by the elderly, and are also used to relieve lack of conversation or loneliness by adding emotional functions. In order to activate community care using AI technology in the future: First, there is a need for continuous education to familiarize the elderly with AI devices and 'user experience (UX) design' for the elderly. Second, it is necessary to use human-centered technology that has a complementary relationship and enables emotional mutual relationships rather than using function-oriented technology. Third, it is necessary to solve ethical problems such as guaranteeing the user's right to self-determination and protecting privacy.

• Asia-Pacific Journal of Business
• /
• v.14 no.4
• /
• pp.49-65
• /
• 2023

Purpose - In the Korean and Chinese social landscape, it is vital to appreciate the significance of the Japanese history problem. The current study investigated whether the perception of the Japanese history problem affects decisions regarding technology adoption in organizations by comparing South Korea and China. Design/methodology/approach - The study involved 305 Korean and 379 Chinese participants who responded to scenarios and surveys regarding the adoption of workplace surveillance cameras supplied by a Japanese company. Findings - Using a moderated mediation model based on protection motivation theory (PMT), we found that past experiences of privacy invasion significantly reduced trust in the adoption of surveillance cameras at work. This relationship was mediated by respondents' perceptions of security vulnerability. The current study, however, did not confirm any significant moderating effect of the Japanese history problem priming on trust in the adoption of workplace surveillance cameras. Research implications - This suggests that the Japanese history problem may have a limited impact on organizational technology adoption decisions, different from the political consumerism behavior driven by public anti-Japanese affectivity. The current study reaffirms the validity and applicability of PMT and provides both theoretical insights and practical recommendations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.801-809
• /
• 2024

In the digital age, the importance of personal information has magnified, underscoring the need for enhanced personal information protection, especially within public institutions. Despite ongoing efforts since 2007, significant breaches in public sector information underline persistent vulnerabilities. This study advocates for a transition from a diagnostic to an assessment framework to fortify privacy management in public institutions, as mandated by recent legislative revisions. The amended Personal Information Protection Act introduces an assessment approach, aiming to comprehensively assess and mitigate risks by expanding the scope of evaluation and implementing robust regulatory measures. This study examines the limitations of the current diagnostic practices through literature review and case analysis and proposes a systematic approach to adopting the new assesment system. By enhancing the assessment framework, the study expects to improve the effectiveness of personal information management in public institutions, thereby restoring public trust and ensuring a stable progression into a more secure digital era. The transition to an assessment system is designed not only to address the gaps in the current framework but also to provide a methodical assessment that supports ongoing improvement and compliance with enhanced legal standards.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.3
• /
• pp.737-744
• /
• 2010

The use of RFID recently tends to increase and is expected to expand all over the industry and life. However, RFID is much vulnerable to the malign threats such as eavesdropping, replay attack, spoofing attack, location tracking in the process of authentication. In particular, it is difficult to apply authentication protocol used in the other previous system to low-priced RFID tag. After all, this paper suggests the scheme of efficient authentication protocol for RFID privacy protection. Compared to the previous scheme, suggested scheme reinforces the checking process of transmission data and is secure from eavesdropping and spoofing attack. It minimizes the operation work of the tag and is very useful to apply to the low-priced tag. It also has the merit to confirm the efficiency of communication by reducing the communication rounds.