建構電子病歷存取控管規則之可設定式編輯環境 / A Configurable Editor for Specifying Access Control Rule In Electronic Medical Records

王心怡, Wang,Hsin-Yi

Unknown Date

在「設計易調整的電子病歷存取控管機制」論文中，針對病患隱私的保障，設計了一套XML格式的存取控管規則語言，讓安全管理者可以藉由設計安全組態檔，動態並細緻化地切換電子病歷的存取控管程式碼。根據前述論文的需求，我們建構出一套可融合於Eclipse開發平台中的存取規則編輯環境。除了具備XML編輯器的基本功能外，我們的編輯環境針對此存取控管規則語言提供使用者自訂屬性與規則變數的機制，以半自動化的方式免去記憶屬性值的困擾；並在存取規則的限制條件編修畫面當中，加入語法解析功能與基本格式驗證功能，協助使用者編輯限制條件，早期發現錯誤，大幅簡化安全管理人員設計存取控管規則的工作。 / This thesis presents a Configurable Editor for Specifying Access Control Rule in Electronic Medical Records based on the XML rule schema designed in another thesis, "Using Aspects to Implement Adaptable Access Control for Electronic Medical Records". Our editor is developed as a plug-in in the Eclipse development platform. It has three distinguished features. First, the user can configure the specific attributes and rule variables referenced in the rule schema and rule instances. Second, the user can edit access control rules as any XML documents and view the rules in multiple views, such as tree view. Third, the editor performs static checks on the constraints specified in the rules to provide early error detection. Thus, we argue that the editor will of significant help to the security administrators.

存取控管規則語言

延申標記語言編輯器

規則語言編輯器

Eclipse外掛程式

Access Control Rule Language

XML Editor

Rule Editor

Eclipse plug-in

結合本體論與案例推理之合理使用推薦 / Ontology-supported case-based reasoning for a fair use recommendation

楊協達, Yang, Xie Da

Unknown Date

網路的發達使得數位內容的流通更加的便利，數位內容擁有者為了避免資料被任意散播，而採用DRM(Digital Rights Management)系統來保護自身的權利。然而DRM系統是採用限制的方式來控管資料的使用，並沒有考量到合理使用的設計，其中主要的原因在於合理使用的規範難以設計且用電腦落實，時常會有一些情況需視個案而定。 本研究希望透過結合本體論推論與案例式比對的來解決合理使用規範難以制定的問題，利用本體論與規則語言進行推論做合理使用判斷，當本體論與規則語言無法判斷時再進行案例式比對，經由案例庫中的合理使用案例，我們可以明確的給予使用者在對數位內容操作上是否為合理使用的依歸，若沒有相符的案例，依舊可以給予使用者一個迫近預期的合理使用建議。 / Thanks to the development of network, it is much more convenient to spread digital contents; nevertheless, digital content owners can only use DRM (Digital Rights Management) system to protect their personal data from unapproved spreading. However, the fair use design is barely taken into consideration in the DRM system since it only uses limit principles to control data-spreading. The main reason is that fair use policy is not only hard to design but also hard to be universally practiced on computers. Furthermore, there are always rooms for fair use cases beyond a general model description. This research aims to combine the advantages of ontology reasoning and case-based reasoning (CBR) to solve the problem of defining and enforcing fair use policy. Applying ontology and the rule language is the first approach to infer fair use decision; following is the CBR. This means that if ontology is not able to infer a fair use through its enforceable policy, then we apply CBR technique by compared with previous fair use cases established in our case base. Therefore, we can always derive a fair use or not fair use decision. Otherwise, we propose a recommendation for how to achieve a fair use or avoid not a fair use.

本體論

規則語言

案例式比對

合理使用

Ontology

Rule language

CBR

fair use

語意性的隱私政策-落實於銀行內部隱私保護的研究 / Semantic privacy policies－Research for the enforcement of privacy protection inside the bank

李家輝, Lee, Chia Hui

Unknown Date

網際網路的興起帶動銀行業電子商務的發展；然而，在開放式的網路環境下，個人的財務、交易等具有隱私的資訊，可能因金融機構本身資訊安全防護技術未落實、資料處理流程權限控管不當、或相關稽核機制不健全等因素，造成銀行個人資料外洩，而影響個人財務及公司商譽的損失。現今在銀行業電子商務的網站上，雖然有使用隱私權政策聲明的方式來表示履行客戶資料隱私保護的責任，但是此形式宣告的方式大於實質保護的意義，沒有任何作用。客戶資料的隱私資訊，亦應受到法律的保護；在我國主要的法律有電腦處理個人資料保護法、內部控制法及金控共同行銷規範等。本研究旨在針對銀行業電子商務交易流程中提出企業內部客戶隱私資料保護的架構模型，將客戶隱私資訊做分類，並遵循相關法律條文規範，以訂立具有語意的隱私權政策來落實企業內部客戶隱私資料的保護。我期望本研究的成果能貢獻未來金融業於客戶隱私資料保護的參考依循。 / The rising of Internet drives the development of e-commerce in banking industry. However, in the opening environment of Internet, the personal and confidential data which includes finance and transaction may be exposed because its poor secure protection technology or improper permission control for the procedure of data processing, or defective auditing mechanism in financial institutes. Therefore, it could influence the loss of personal finance and goodwill of companies. Although the e-commence website of banking industry protect customers’ data through the stated of right to privacy, the announced meaning is far more than the real protection. The customers’ private data should be protected by law, such as Computer Processing Personal Data Protection Act and Rules Concerning Cross-Selling by Financial Holding Company Subsidiaries in Taiwan.The purpose of the thesis offers the enterprise internal privacy construction model which classifies customers’ private data, follows the related law regulation, and establishes semantic privacy policies in order to achieve the protection of enterprise internal customers’ data for the transaction flow of e-commence in banking industry. I expect the research can contribute some references to follow in customers’ data protection for financial institutions in the future.

隱私權

企業隱私偏好平台

語意網

本體論

語意規則語言

隱私偏好平台

個人資料保護法

金控共同行銷規範

電子商務消費者保護綱領

Privacy

E-P3P

Semantic Web

Ontology

SWRL

P3P

XACML

EPAL