Global ETD Search

51	應用區塊鏈技術設計具資料隱私性之綠色供應鏈管理平台框架 / Using Blockchain Technology to Design a Green Supply Chain Management Information Platform Framework with Data Privacy 黃方佐 Unknown Date (has links) 在今日，實施綠色供應鏈管理不僅是遵守法規規範，更積極的是實施綠色供應鏈管理可為企業帶來更多競爭優勢，因此綠色供應鏈管理對企業而言越來越是值得探討與重視的議題。目前綠色供應鏈管理平台的建立普遍是依賴政府或是第三方機構建立資料交換的機制，或是串接供應鏈上各個企業不同的企業系統達到資料交換的目的，然而這樣的做法有其風險。因為物料資料對企業來說是敏感且有價值的，企業須對提供儲存、資料交換服務的平台有高度信任度，且整個系統亦有中央集權式系統架構之缺陷。運用區塊鏈技術的特性可以解決這樣的問題，區塊鏈技術提供資料永久保存、不可篡改的分散式系統解決方案。本研究更近一步將區塊鏈技術結合加解密機制，讓資料僅有提供者本身以及其同意之查詢者能讀取，如此一來使得區塊鏈系統更具資料隱私之特性，並透過區塊鏈外部儲存系統的設計使儲存空間更易規模化，使得綠色供應鏈中大量、有價值物料資料之儲存、交換且須高度信賴物料資料不被篡改以及綠色認證不被篡改、偽造的這些議題能被解決。 / Nowadays, the implementation of green supply chain management system can bring more competitive advantages for enterprises. This issue is increasingly worthy of discussion. Until now, the establishment of green supply chain management platform generally depends on the government or third parties building the mechanism of exchanging the information, and connecting the various enterprises of different enterprises on supply chain to achieve the purpose of data exchange. However, the approach has risks. The features of blockchain technology can provide permanent preservation and tamper-proof system through the decentralized system solutions. Moreover, this study combines with data-privacy design and off-blockchain storage design to solve the problems of storaging and exchanging the valuable data and ensure material information and green certifications are tamper-proof. 綠色供應鏈管理平台區塊鏈技術資料隱私性 Green supply chain management platform Blockchain technology Data privacy
52	Smart Grid security : protecting users' privacy in smart grid applications Mustafa, Mustafa Asan January 2015 (has links) Smart Grid (SG) is an electrical grid enhanced with information and communication technology capabilities, so it can support two-way electricity and communication flows among various entities in the grid. The aim of SG is to make the electricity industry operate more efficiently and to provide electricity in a more secure, reliable and sustainable manner. Automated Meter Reading (AMR) and Smart Electric Vehicle (SEV) charging are two SG applications tipped to play a major role in achieving this aim. The AMR application allows different SG entities to collect users’ fine-grained metering data measured by users’ Smart Meters (SMs). The SEV charging application allows EVs’ charging parameters to be changed depending on the grid’s state in return for incentives for the EV owners. However, both applications impose risks on users’ privacy. Entities having access to users’ fine-grained metering data may use such data to infer individual users’ personal habits. In addition, users’ private information such as users’/EVs’ identities and charging locations could be exposed when EVs are charged. Entities may use such information to learn users’ whereabouts, thus breach their privacy. This thesis proposes secure and user privacy-preserving protocols to support AMR and SEV charging in an efficient, scalable and cost-effective manner. First, it investigates both applications. For AMR, (1) it specifies an extensive set of functional requirements taking into account the way liberalised electricity markets work and the interests of all SG entities, (2) it performs a comprehensive threat analysis, based on which, (3) it specifies security and privacy requirements, and (4) it proposes to divide users’ data into two types: operational data (used for grid management) and accountable data (used for billing). For SEV charging, (1) it specifies two modes of charging: price-driven mode and price-control-driven mode, and (2) it analyses two use-cases: price-driven roaming SEV charging at home location and price-control-driven roaming SEV charging at home location, by performing threat analysis and specifying sets of functional, security and privacy requirements for each of the two cases. Second, it proposes a novel Decentralized, Efficient, Privacy-preserving and Selective Aggregation (DEP2SA) protocol to allow SG entities to collect users’ fine-grained operational metering data while preserving users’ privacy. DEP2SA uses the homomorphic Paillier cryptosystem to ensure the confidentiality of the metering data during their transit and data aggregation process. To preserve users’ privacy with minimum performance penalty, users’ metering data are classified and aggregated accordingly by their respective local gateways based on the users’ locations and their contracted suppliers. In this way, authorised SG entities can only receive the aggregated data of users they have contracts with. DEP2SA has been analysed in terms of security, computational and communication overheads, and the results show that it is more secure, efficient and scalable as compared with related work. Third, it proposes a novel suite of five protocols to allow (1) suppliers to collect users accountable metering data, and (2) users (i) to access, manage and control their own metering data and (ii) to switch between electricity tariffs and suppliers, in an efficient and scalable manner. The main ideas are: (i) each SM to have a register, named accounting register, dedicated only for storing the user’s accountable data, (ii) this register is updated by design at a low frequency, (iii) the user’s supplier has unlimited access to this register, and (iv) the user cancustomise how often this register is updated with new data. The suite has been analysed in terms of security, computational and communication overheads. Fourth, it proposes a novel protocol, known as Roaming Electric Vehicle Charging and Billing, an Anonymous Multi-User (REVCBAMU) protocol, to support the priced-driven roaming SEV charging at home location. During a charging session, a roaming EV user uses a pseudonym of the EV (known only to the user’s contracted supplier) which is anonymously signed by the user’s private key. This protocol protects the user’s identity privacy from other suppliers as well as the user’s privacy of location from its own supplier. Further, it allows the user’s contracted supplier to authenticate the EV and the user. Using two-factor authentication approach a multi-user EV charging is supported and different legitimate EV users (e.g., family members) can be held accountable for their charging sessions. With each charging session, the EV uses a different pseudonym which prevents adversaries from linking the different charging sessions of the same EV. On an application level, REVCBAMU supports fair user billing, i.e., each user pays only for his/her own energy consumption, and an open EV marketplace in which EV users can safely choose among different remote host suppliers. The protocol has been analysed in terms of security and computational overheads. 621.31
53	Privacy-aware and scalable recommender systems uing sketching techniques / Respect de la vie privée des systèmes de recommandation grâce à l’emploi d’algorithmes à base de sketchs Balu, Raghavendran 09 November 2016 (has links) Cette thèse étudie les aspects passage à l’échelle et respect de la vie privée des systèmes de recommandation grâce à l’emploi d’algorithmes à base de sketchs. Les contributions techniques liées à cette étude nous permettent de proposer un système de recommandations personnalisées capable de passer à l’échelle tant en nombre d’utilisateurs qu’en nombre de produits à recommander, tout en offrant une bonne protection de la confidentialité de ces recommandations. La thèse se situe ainsi à la croisée de trois domaines qui sont les systèmes de recommandation, la confidentialité différentielle et les techniques à base de sketchs. Concernant la confidentialité, nous nous sommes intéressés à définir de nouveaux mécanisme garantissant une bonne confidentialité mais aussi à les évaluer. Nous avons pu observer que c’est qui est le paramètre essentiel contrôlant le respect plus ou moins garanti de la confidentialité différentielle. Par ailleurs, le besoin de fonctionner à grande échelle demande de relever les défis liés à la modélisation de très nombreux utilisateurs et à la prise en compte de très nombreux produits à recommander. Ces défis sont particulièrement difficiles à relever dans un contexte où les préférences des utilisateurs et le catalogue de produits évoluent dynamiquement. Cette évolution complexifie les techniques de stockage des profils des utilisateurs, leur mise à jour et leur interrogation. Nos contributions sur cet aspect intéressent non seulement le domaine de la recommandation, mais ont une portée plus générale. Globalement, nous avons mené de nombreuses campagnes d’évaluation de nos propositions, sur des jeux de données réels de très grande taille, démontrant ainsi la capacité de nos contributions à passer à l’échelle tout en offrant de la dynamicité et des garanties sur la confidentialité. / In this thesis, we aim to study and evaluate the privacy and scalability properties of recommender systems using sketching techniques and propose scalable privacy preserving personalization mechanisms. Hence, the thesis is at the intersection of three different topics: recommender systems, differential privacy and sketching techniques. On the privacy aspects, we are interested in both new privacy preserving mechanisms and the evaluation of such mechanisms. We observe that the primary parameter in differential privacy is a control parameter and motivated to find techniques that can assess the privacy guarantees. We are also interested in proposing new mechanisms that are privacy preserving and get along well with the evaluation metrics. On the scalability aspects, we aim to solve the challenges arising in user modeling and item retrieval. User modeling with evolving data poses difficulties, to be addressed, in storage and adapting to new data. Also, addressing the retrieval aspects finds applications in various domains other than recommender systems. We evaluate the impact of our contributions through extensive experiments conducted on benchmark real datasets and through the results, we surmise that our contributions very well address the privacy and scalability challenges. Sciences de l'information Protection de la vie privée Systèmes de recommandation Protection de l'information Structures de données Information science Protection of privacy Recommender systems Data privacy Data structures
54	Design for Addressing Data Privacy Issues in Legacy Enterprise Application Integration Meddeoda Gedara, Kavindra Kulathilake January 2019 (has links) Electronic message transfer is the key element in enterprise application integration (EAI) and the privacy of data transferred must be protected by the systems involved in the message transfer from origin to the destination. The recent data privacy regulation such as GDPR (General Data Protection Regulation) has enforced the organizations to ensure the privacy of the personal data handled with obligations to provide visibility and control over to the data owner. Privacy concerns with relevant to sensitive data embedded and transferred through business-to-business (B2B) middleware platforms in enterprise architecture are mostly at risk with the legacy nature of the products and the complexity of system integrations. This poses a great threat and challenge to organizations processing sensitive data over the interconnected systems in complying with regulatory requirements. This research proposes a solution design to address the data privacy issues related to personal data handled in an enterprise application integration framework. Where electronic messages used to transfer personally identifiable information (PII). The proposal consisting of a design called “Safety Locker” to issue unique tokens related to encrypted PII elements stored in a persistence data storage based on Apache Ignite. While adding REST API interfaces to access the application functionality such as tokenization, de-tokenization, token management and accessing audit logs. The safety locker can run as a standalone application allowing clients to access its functionality remotely utilizing hypertext transfer protocol (HTTP). The design allows the data controllers to ensure the privacy of PII by embedding tokens generated from the application within the electronic messages transferred through interconnected systems. The solution design is evaluated through a proof of concept implementation, which can be adapted, enhanced to apply in EAI implementations. B2B EDI EDIFACT GDPR Enterprise Application Integration Middleware Broker Tokenization Data Privacy Annan elektroteknik och elektronik
55	Datenschutz in Call Centern – Bestandsaufnahme zur Aufzeichnung und Verwendung personenbezogener Daten Hrach, Christian, Alt, Rainer 25 January 2012 (has links) Dienstleister in der Telekommunikationsbranche haben nicht zuletzt aus rechtlicher Sicht die Pflicht zu einem sensiblen Umgang mit personenbezogenen Daten. Dies bezieht sich nicht nur auf Kundendaten, sondern ebenso auf mitarbeiterbezogene Daten zur Führung eines Call Centers. Je nach Situation und Anwendungsfall regeln die Verwendungsmöglichkeiten dieser Daten in Call Centern das allgemeine Persönlichkeitsrecht und das Bundesdatenschutzgesetz (BDSG). Daraus ergibt sich für die Entwicklung und den Einsatz von Call Center-spezifischen Anwendungssystemen (z.B. Kampagnenmanagement-Systeme, Dialer) die Herausforderung, zum einen die Einhaltung rechtlicher Bestimmungen sicherzustellen, aber zum anderen den häufig detailreichen Informationsbedarfen der Call Center-Leitungsebenen zu entsprechen. Neben rechtlichen Beschränkungen bei der Handhabung von Kundendaten sind hier die Grenzen und Grauzonen bezüglich der Verwendungsmöglichkeiten von Leistungsdaten zur Mitarbeiterüberwachung und -beurteilung (z.B. verdecktes Mithören oder Gesprächsaufzeichnung) zu berücksichtigen.:1 Einleitung 2 Verwendung personenbezogener Daten 2.1 Personenbezogene Daten 2.2 Verwendung personenbezogener Daten nach BDSG 2.3 Legitimation durch Einwilligung 2.4 Aufhebung der Zweckbindung 2.5 Transparenzpflicht gegenüber den Betroffenen 2.6 Zusammenfassung 3 Telefondatenerfassung im Call Center 3.1 Erfassung von Dienstgesprächen 3.2 Besonderheiten in Call Centern 3.3 Mithören und Gesprächsaufzeichnung in Call Centern 4 Fazit info:eu-repo/classification/ddc/330 ddc:330
56	Machine Learning for Marketing Decision Support Haupt, Johannes Sebastian 10 July 2020 (has links) Die Digitalisierung der Wirtschaft macht das Customer Targeting zu einer wichtigen Schnittmenge von Marketing und Wirtschaftsinformatik. Marketingtreibende können auf Basis von soziodemografischen und Verhaltensdaten gezielt einzelne Kunden mit personalisierten Botschaften ansprechen. Diese Arbeit erweitert die Perspektive der Forschung im Bereich der modellbasierten Vorhersage von Kundenverhalten durch 1) die Entwicklung und Validierung neuer Methoden des maschinellen Lernens, die explizit darauf ausgelegt sind, die Profitabilität des Customer Targeting im Direktmarketing und im Kundenbindungsmanagement zu optimieren, und 2) die Untersuchung der Datenerfassung mit Ziel des Customer Targeting aus Unternehmens- und Kundensicht. Die Arbeit entwickelt Methoden welche den vollen Umfang von E-Commerce-Daten nutzbar machen und die Rahmenbedingungen der Marketingentscheidung während der Modellbildung berücksichtigen. Die zugrundeliegenden Modelle des maschinellen Lernens skalieren auf hochdimensionale Kundendaten und ermöglichen die Anwendung in der Praxis. Die vorgeschlagenen Methoden basieren zudem auf dem Verständnis des Customer Targeting als einem Problem der Identifikation von Kausalzusammenhängen. Die Modellschätzung sind für die Umsetzung profitoptimierter Zielkampagnen unter komplexen Kostenstrukturen ausgelegt. Die Arbeit adressiert weiterhin die Quantifizierung des Einsparpotenzials effizienter Versuchsplanung bei der Datensammlung und der monetären Kosten der Umsetzung des Prinzips der Datensparsamkeit. Eine Analyse der Datensammlungspraktiken im E-Mail-Direktmarketing zeigt zudem, dass eine Überwachung des Leseverhaltens in der Marketingkommunikation von E-Commerce-Unternehmen ohne explizite Kundenzustimmung weit verbreitet ist. Diese Erkenntnis bildet die Grundlage für ein auf maschinellem Lernen basierendes System zur Erkennung und Löschung von Tracking-Elementen in E-Mails. / The digitization of the economy has fundamentally changed the way in which companies interact with customers and made customer targeting a key intersection of marketing and information systems. Building models of customer behavior at scale requires development of tools at the intersection of data management and statistical knowledge discovery. This dissertation widens the scope of research on predictive modeling by focusing on the intersections of model building with data collection and decision support. Its goals are 1) to develop and validate new machine learning methods explicitly designed to optimize customer targeting decisions in direct marketing and customer retention management and 2) to study the implications of data collection for customer targeting from the perspective of the company and its customers. First, the thesis proposes methods that utilize the richness of e-commerce data, reduce the cost of data collection through efficient experiment design and address the targeting decision setting during model building. The underlying state-of-the-art machine learning models scale to high-dimensional customer data and can be conveniently applied by practitioners. These models further address the problem of causal inference that arises when the causal attribution of customer behavior to a marketing incentive is difficult. Marketers can directly apply the model estimates to identify profitable targeting policies under complex cost structures. Second, the thesis quantifies the savings potential of efficient experiment design and the monetary cost of an internal principle of data privacy. An analysis of data collection practices in direct marketing emails reveals the ubiquity of tracking mechanisms without user consent in e-commerce communication. These results form the basis for a machine-learning-based system for the detection and deletion of tracking elements from emails. Direktmarketing Maschinelles Lernen Entscheidungsunterstützung Datenschutz Customer Targeting Machine Learning Decision Support Data Privacy 330 Wirtschaft QP 600 QP 610 QP 611 QR 760 QH 500 ddc:330
57	Opportunities and challenges with the GDPR implementation : A study of how the GDPR has affected business processes in Sweden Al Abassi, Baraa, Aladellie, Sara January 2020 (has links) The General Data Protection Regulation is a relatively new law that is applied to all companies within the member states of the European Union. The law is established to protect individual’s personal rights and privacy from being misused. The purpose of this qualitative study is to investigate how businesses based in Sweden have complied with their internal and external processes in alignment with the GDPR. The gap that was found was that limited research has been made regarding how businesses have complied in alignment with the law after the implementation. To investigate this problem area, semi-instructed interviews were conducted with five large companies in Sweden. The results that were found was that the General Data Protection Regulation has contributed to different challenges for businesses as well as opportunities. Nevertheless, a major finding from the empirical presentation together with previous research was that the businesses need to standardise their processes to align with the standards of the General Data Protection Regulation. GDPR General Data Protection Regulation Personal Data Data Privacy Institutional theory Information Systems, Social aspects
58	Data ownership and interoperability for a decentralized social semantic web / La propriété des données et l'interopérabilité pour un Web sémantique social décentralisé Sambra, Andrei Vlad 19 November 2013 (has links) Assurer l'appropriation des données personnelles et l'interopérabilité des applications Web sociaux décentralisées est actuellement un sujet controversé, surtout en prenant compte des aspects de la vie privée et du contrôle d'accès. Il est important d'améliorer le Web social de telle manière à permettre des modèles d'affaires viables tout en étant capable de fournir une plus grande appropriation des données et l'interopérabilité des données par rappport à la situation actuelle. A cet égard, nous avons concentré notre recherche sur trois thèmes différents: le contrôle d'identité, l'authentifiaction et le contrôle d'accès. Tout d'abord, nous abordons le sujet de l'identité décentralisée en proposant un nouveau standard Web appelé "Web Identity and Discovery" (WebID), qui offre un mécanisme d'identification simple et universel qui est distribué et ouvertement extensible. Ensuite, nous passons à la question de l'authentification où nous proposons WebID-TLS, un protocole d'authentification décentralisé qui permet l'authentification sécurisée, simple et efficace sur le Web en permettant aux personnes de se connecter à l'aide de certificats clients. Nous étendons également WebID-TLS, en offrant des moyens d'effectuer de l'authentification déléguée et de la délégation d'accès. Enfin, nous présentons notre dernière contribution, un service de contrôle d'accès social, qui sert à protéger l'accès aux ressources Linked Data générés par les utilisateurs (par exemple, les données de profil, messages du mur, conversations, etc) par l'application de deux mesures: la "distance de proximité sociale" et "contexte social" / Ensuring personal data ownership and interoperability for decentralized social Web applications is currently a debated topic, especially when taking into consideration the aspects of privacy and access control. Since the user's data are such an important asset of the current business models for most social Websites, companies have no incentive to share data among each other or to offer users real ownership of their own data in terms of control and transparency of data usage. We have concluded therefore that it is important to improve the social Web in such a way that it allows for viable business models while still being able to provide increased data ownership and data interoperability compared to the current situation. To this regard, we have focused our research on three different topics: identity, authentication and access control. First, we tackle the subject of decentralized identity by proposing a new Web standard called "Web Identity and Discovery" (WebID), which offers a simple and universal identification mechanism that is distributed and openly extensible. Next, we move to the topic of authentication where we propose WebID-TLS, a decentralized authentication protocol that enables secure, efficient and user friendly authentication on the Web by allowing people to login using client certificates and without relying on Certification Authorities. We also extend the WebID-TLS protocol, offering delegated authentication and access delegation. Finally we present our last contribution, the Social Access Control Service, which serves to protect the privacy of Linked Data resources generated by users (e.g. pro le data, wall posts, conversations, etc.) by applying two social metrics: the "social proximity distance" and "social contexts" Identité décentralisée Authentification décentralisée Confidentialité des données Contrôle d'accès WebID WebID-TLS Web sémantique Decentralized identity Decentralized authentification Data privacy Access control WebID WebID-TLS Semantic web
59	Examining Data Privacy Breaches in Healthcare Smith, Tanshanika Turner 01 January 2016 (has links) Healthcare data can contain sensitive, personal, and confidential information that should remain secure. Despite the efforts to protect patient data, security breaches occur and may result in fraud, identity theft, and other damages. Grounded in the theoretical backdrop of integrated system theory, the purpose of this study was to determine the association between data privacy breaches, data storage locations, business associates, covered entities, and number of individuals affected. Study data consisted of secondary breach information retrieved from the Department of Health and Human Services Office of Civil Rights. Loglinear analytical procedures were used to examine U.S. healthcare breach incidents and to derive a 4-way loglinear model. Loglinear analysis procedures included in the model yielded a significance value of 0.000, p > .05 for the both the likelihood ratio and Pearson chi-square statistics indicating that an association among the variables existed. Results showed that over 70% of breaches involve healthcare providers and revealed that security incidents often consist of electronic or other digital information. Findings revealed that threats are evolving and showed that likely factors other than data loss and theft contribute to security events, unwanted exposure, and breach incidents. Research results may impact social change by providing security professionals with a broader understanding of data breaches required to design and implement more secure and effective information security prevention programs. Healthcare leaders might affect social change by utilizing findings to further the security dialogue needed to minimize security risk factors, protect sensitive healthcare data, and reduce breach mitigation and incident response costs. breach mitigation and response data privacy breach information security loglinear analysis secondary data analysis security breach Business Computer Sciences Databases and Information Systems
60	Examining Data Privacy and User Trust in Fertility- and Menstruation Technologies Using an Intersectional Feminist Perspective / Undersökning av Datasäkerhet och Användartillit i Fertilitet- och Menstruationsteknologier med ett Intersektionellt Feministiskt Perspektiv Larsson, Sandra January 2023 (has links) With the digitization of healthcare, there has been an increase in self-tracking technologies for health. One group of self-tracking technologies is FMTs, fertility- and menstruation technologies. By gathering information on users’ menstruation and fertility, these technologies have access to intimate and sensitive data that requires secure protection. Previous research has criticized FMTs for lacking in data security and several risks with this data being shared have been identified. Risks of lacking data security include discrimination against the user in the workplace, and being targeted by cyber-criminals. This thesis explores how users perceive trust and data privacy in fertility- and menstruation technologies by conducting a user study. Participants (n=18) were interviewed in pairs about their experiences of FMTs, data privacy, and trust. Based on the interview findings, seven design guidelines were created to enhance user trust and ensure data privacy. Additionally, an Android application was developed as a high-fidelity prototype to visualize and discuss the guidelines. The research contributes to the field by identifying design aspects that can be used by creators of FMTs to improve their privacy practices and generate trust among their users. / Med digitalisering har det skett en ökning av självspårande teknologier inom hälsa. En typ av självspårande teknologier är FMT:er, fertilitet- och menstruationsteknologier. Genom att samla information om användares menstruation och fertilitet har de här teknologierna tillgång till intim och känslig data som kräver ordentligt skydd. Risker med bristande datasäkerhet inkluderar att användaren diskrimineras på sin arbetsplats, blir offer för cyberbrottslingar, och blir kontrollerad av en familjemedlem eller partner. Tidigare forskning har kritiserat FMT:er för bristande datasäkerhet och har identifierat flera risker med detta. Den här uppsatsen utforskar hur användare uppfattar tillit och datasäkerhet till fertilitet- och menstruationsteknologier genom en användarstudie. Deltagare (n=18) intervjuades parvis om deras erfarenhet av FMT:er, datasäkerhet och tillit. Utifrån intervjuresultaten har sju riktlinjer för design av FMT:er för ökad tillit och datasäkerhet tagits fram. Dessutom utvecklades en Android applikation som prototyp för att visualisera riktlinjerna. Denna uppsats bidrar till forskningsområdet genom att identifiera designaspekter som kan användas av FMT utvecklare för att förbättra deras sekretesspraxis och påverka deras användares tillit till deras produkt. femtech data privacy trust user experience feminist hci data feminism menstruation fertility femtech datasäkerhet tillit användarupplevelse feministisk människadatorinteraktion data feminism menstruation fertilitet Computer Sciences Datavetenskap (datalogi)

Search results