• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.6
• /
• pp.197-208
• /
• 2014

In an information society, privacy protection is one of the most important ethical issues. In medical institutes in which personal medical information is collected and stored, in addition, a privacy breach can cause a serious damage on personal lives. This study attempted to develop privacy concern measurement tool in personal medical information to measure patients' concern on their medical information from medical service consumers' perspective and verify its validity. For this, privacy concern measurement tool in personal medical information was developed based on the results of previous studies. After performing Exploratory Factor Analysis(EFA) and Confirmatory Factor Analysis(CFA) on the measurement tool, its reliability and validity were verified. It appears that the measurement tool would be useful in developing decent privacy protection policy after investigating citizens' concern on the protection of personal medical information and domains they are interested in. For medical institutes as well, they would be helpful in coming up with a reasonable plan after figuring out problems in the protection of personal medical information and current status.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.2
• /
• pp.1043-1063
• /
• 2019

With delegating proxy to process data before outsourcing, data owners in restricted access could enjoy flexible and powerful cloud storage service for productivity, but still confront with data integrity breach. Identity-based data auditing as a critical technology, could address this security concern efficiently and eliminate complicated owners' public key certificates management issue. Recently, Yu et al. proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019). It aims to offer identity-based, privacy-preserving and batch auditing for multiple owners' data on different clouds, while allowing proxy processing. In this article, we first demonstrate this scheme is insecure in the sense that malicious cloud could pass integrity auditing without original data. Additionally, clouds and owners are able to recover proxy's private key and thus impersonate it to forge tags for any data. Secondly, we propose an improved scheme with provable security in the random oracle model, to achieve desirable secure identity based privacy-preserving batch public auditing with proxy processing. Thirdly, based on theoretical analysis and performance simulation, our scheme shows better efficiency over existing identity-based auditing scheme with proxy processing on single owner and single cloud effort, which will benefit secure big data storage if extrapolating in real application.

• Asia pacific journal of information systems
• /
• v.24 no.1
• /
• pp.93-112
• /
• 2014

As personal data breach reared up as a problem domestically and globally, organizations appointing chief privacy officers (CPOs) are increasing. Related Korean laws, 'Personal Data Protection Act' and 'the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.' require personal data processing organizations to appoint CPOs. Research on the characteristics and role of CPO is called for because of the importance of CPO being emphasized. There are many researches on top management's role and their impact on organizational performance using the Upper Echelon theory. This study investigates what influence the characteristics of CPO gives on the organizational privacy performance. CPO's definition varies depending on industry, organization size, required responsibility and power. This study defines CPO as 'a person who takes responsibility for all the duties on handling the organization's privacy,' This research assumes that CPO characteristics such as role, personality and background knowledge have an influence on the organizational privacy performance. This study applies the part relevant to the upper echelon's characteristics and performance of the executives (CEOs, CIOs etc.) for CPO. First, following Mintzberg and other managerial role classification, information, strategic, and diplomacy roles are defined as the role of CPO. Second, the "Big Five" taxonomy on individual's personality was suggested in 1990. Among these five personalities, extraversion and conscientiousness are drawn as the personality characteristics of CPO. Third, advance study suggests complex knowledge of technology, law and business is necessary for CPO. Technical, legal, and business background knowledge are drawn as the background knowledge of CPO. To test this model empirically, 120 samples of data collected from CPOs of domestic organizations are used. Factor analysis is carried out and convergent validity and discriminant validity were verified using SPSS and Smart PLS, and the causal relationships between the CPO's role, personality, background knowledge and the organizational privacy performance are analyzed as well. The result of the analysis shows that CPO's diplomacy role and strategic role have significant impacts on organizational privacy performance. This reveals that CPO's active communication with other organizations is needed. Differentiated privacy policy or strategy of organizations is also important. Legal background knowledge and technical background knowledge were also found to be significant determinants to organizational privacy performance. In addition, CPOs conscientiousness has a positive impact on organizational privacy performance. The practical implication of this study is as follows: First, the research can be a yardstick for judgment when companies select CPOs and vest authority in them. Second, not only companies but also CPOs can judge what ability they should concentrate on for development of their career relevant to their job through results of this research. Cultural social value, citizen's consensus on the right to privacy, expected CPO's role will change in process of time. In future study, long-term time-series analysis based research can reveal these changes and can also offer practical implications for government and private organization's policy making on information privacy.

• The KIPS Transactions:PartC
• /
• v.16C no.5
• /
• pp.563-574
• /
• 2009

The merits of random substitutions are various applicability and security guarantee on the view point of privacy breach. However there is no research to improve the accuracy of random substitutions. In this paper we propose an algorithm for improving the accuracy of random substitutions by an advanced theoretical analysis about the standard errors. We examine that random substitutions have an unpractical accuracy level and our improved algorithm meets the theoretical results by some experiments for data sets having uniform and normal distributions. By our proposed algorithm, it is possible to upgrade the accuracy level under the same security level as the original method. The additional cost of computation for our algorithm is still acceptable and practical.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1285-1303
• /
• 2019

In the current credit scoring system, the credit bureau gathers credit information from financial institutions and calculates a credit score based on it. However, because all sensitive credit information is stored in one central authority, there are possibilities of privacy violations and successful external attacks can breach large amounts of personal information. To handle this problem, we propose privacy-preserving credit scoring in which a user gathers credit information from financial institutions, calculates a credit score and proves that the score is calculated correctly using a zero-knowledge proof and a blockchain. In addition, we propose a zero-knowledge proof scheme that can efficiently prove committed inputs to check whether the inputs of a zero-knowledge proof are actually provided by financial institutions with a blockchain. This scheme provides perfect zero-knowledge unlike Agrawal et al.'s scheme, short CRSs and proofs, and fast proof and verification. We confirmed that the proposed credit scoring can be used in the real world by implementing it and experimenting with a credit score algorithm which is similar to that of the real world.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.8
• /
• pp.1577-1587
• /
• 2015

Privacy of financial customers is becoming important due to frequent leakage of personal information. Financial customers, who experience the leakage of personal information, feel threatened by their privacy and this changes customer's awareness about financial institutions or behavioral intentions. By examining the influence relation of personal information security vulnerability of the bank information system with usefulness, trust and attractiveness perceived by bank customers, this study aims to analyze the effect of each variable on bank customers' willingness to stay.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.271-288
• /
• 2010

In this paper, we study the dysfunctions of cryptography as dual-use goods and national domestic encryption control policies like key recovery system and decryption order. And we examine risks of the breach of the peoples' constitutional rights like the right to privacy in these policies and analyze these policies by applying the principle of the ban on the over-restriction. Finally, we propose the direction and requirements of our national domestic encryption control policy that maintains the balance of peoples' constitutional rights and investigatory powers.

• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.77-102
• /
• 2015

FinTech service industry has been growing rapidly around the world. It has driven innovation in financial and payment service industry with different channels such as mobile based on Information and Communications Technology (ICT). However, FinTech service is vulnerable to different security threats due to use the valuable data such as personal information and financial information. It is undeniable that collection and use of those information may increase the possibility of identity theft or privacy breach. In this paper will develop a self-checklist for the Simple Payment service users (Privacy Pragmatists) who want to make a rational decision to protect their personal information. The checklist is going to let the users assess the personal information protection by performing the assessment themself when they use the service. The body of this paper is going to analyze the items of the checklist and through the analysis, will suggest a security policy for personal information protection of FinTech service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.987-997
• /
• 2018

Blockchain has tamper-free, so many applications are developing to leverage tamper-free features of blockchain. MIT Media Labs proposed BlockCerts, educational certificate blockchain System, to solve problems of legacy certificate verifications. Existing educational certificate blockchain Systems are based on public blockchain such as bitcoin, Ethereum, so any entity can participate educational institute in principal. Moreover, the exisitng educational certricate blockchain system utilizes the integrity of blockchain, but the confidentiality of the educational certificate is not provided. This paper propose a digital certificate system based on private blockchain, name HyperCerts. Therefore, only trusted entity can participate in the private blockchain network, Hyperledger, as the issuer of digital certificate. Furthermore, the practical byzantine fault tolerance is used as consensus algorithm, HyperCerts reduce dramatically the latency of issuing digital certificate and required computing power. HyperCerts stores the hash value of digital certificate into the ledger, so breach of personal information by malicious entity in the private blockchain is protected.

• Journal of the Korean Society of Radiology
• /
• v.83 no.4
• /
• pp.759-770
• /
• 2022

The importance of ethics in research and the use of artificial intelligence (AI) is increasingly recognized not only in the field of healthcare but throughout society. This article intends to provide domestic readers with practical points regarding the ethical issues of using radiological images for AI research, focusing on data security and privacy protection and the right to data. Therefore, this article refers to related domestic laws and government policies. Data security and privacy protection is a key ethical principle for AI, in which proper de-identification of data is crucial. Sharing healthcare data to develop AI in a way that minimizes business interests is another ethical point to be highlighted. The need for data sharing makes the data security and privacy protection even more important as data sharing increases the risk of data breach.