Global ETD Search

1	一個可降低Gentry全同態加密演算法公鑰個數之提案 / An Improvement of Gentry’s “Fully Homomorphic Encryption Scheme” by Reducing the Number of Public Keys 陳漢光 Unknown Date (has links) "全同態加密法"(Fully Homomorphic Encryption (FHE))一詞的介紹以及架構源於西元2009年由Gentry所提出。它讓加密後的密文執行特定的運算再將其解密即可得出該對應的明文運算結果，除此之外，全同態與同態最大的不同是它允許兩種或是多種以上的運算元進行資料運算，期間必須可以處理大量的資料並且保護其資料隱私性使其無洩漏之虞。也因為上述特點使得它可被廣泛使用在許多資料庫或是資料儲存上的應用，像是ASP、雲端運算或是雙方相等性驗證上，然而在Gentry的全同態加密中，它需要大量的空間來儲存所需要的公鑰，因此在實作上仍有一定的難度。為了解決上述問題，本文提供了一種新的改良方案使其更有效率來達到全同態加密的實作性，除此之外，我們也會在文章中提出安全性分析來證明本改良方案並不會對安全性造成影響，並且提出系統效能測試，說明本方案除了可減少公鑰儲存空間之外，在時間上，更可降低公鑰生成以及系統加密的時間，讓其全同態運算更具效率。 / C. Gentry in 2009 proposed the first practical scheme which can compute arbitrary functions of encrypted data. This scheme is named “Fully Homomorphic Encryption (FHE)”. FHE allows a worker without the secret decryption key to compute any result of the data on one hand and still keep the data privacy on the other hand. It can be widely used in data storage application or database application, such as ASP, cloud computing and two-party equality testing. However, one drawback of Gentry’s fully homomorphic encryption scheme is that the size of public keys used in this system is extremely large. This means that a lot of space is required in order to store those public keys. This problem causes Gentry’s FHE hard to be implemented. In this thesis, we address the problem above, and give an improvement encryption scheme. Our improvement scheme needs less space to store the public keys which also makes the new scheme more efficient than Gentry’s original scheme. We also give a rigorous security proof to show that our improvement scheme is as secure as Gentry’s original scheme. A system performance test is also provided which shows that our scheme can not only reduce the numbers of public keys, but also reduce the time for public key generation and for encryption. Therefore, our improvement scheme can make fully homomorphic encryption more practical. 全同態加密密碼學秘密計算雲端運算隱私保護
2	整合資料在雲端環境上的分享與隱私保護-以電子病歷資料為例 / Sharing and Protection of Integrated Data in the Cloud : Electronic Health Record as an Example 楊竣展, Yang, Jiun Jan Unknown Date (has links) 由於電子化病歷逐漸取代了傳統的紙本病歷，在流通分享上面比傳統的紙本病歷更加來的方便及快速，另外電子病歷的整合性，也是比傳統的紙本來的有效。近年來雲端運算的發展，使得醫療系統在電子病歷上能夠更快速的發展，但是取而代之的是卻是雲端運算所產生隱私權的問題，在快速發展的雲端運算環境中，目前似乎無法完全確保資料的隱私性。即使現有的研究中可以讓資料擁有者表示自己的隱私偏好，卻因為設計時缺乏語意的考量，造成執行上有語意的落差。本研究將探討電子病歷存放在雲端環境上，設計一套三層整合平台系統並使用語意化技術本體論整合來自多方的資料，達成在資料庫上使用OWL2作為整合的語言，並在此整合平台進行本體論整合，能夠讓使用者可以從多方的醫療中心快速查詢整合的資料，經由整合平台的改寫，到下層的規範擷取到上層平台進行管理與落實動作，最終在資料庫查詢資料，達成整合分享的目標，並同時能夠兼顧資料擁有者的隱私期待，完成在雲端環境上資料分享、整合、隱私保護的目標。 / The Electronic Health Records (EHRs) have replaced the traditional paper Health Records gradually and they are more rapid and more convenient in data sharing. Furthermore, the EHRs are also better than paper health records when health records need to be integrated on the computer. In recent years, the rapid development of cloud computing can help Health Information System to be more dynamic and provide a better service, but the problem of privacy is a critical issue. Although recent research can let data owner expresses his own personal privacy preference in to policy to protect privacy, it is lacked of semantics and that will result in the gap between the real meaning of personal privacy preference and of policy. In our research, we will using semantic technology to express personal privacy preference in to polices and also design the 3-layer integration platform to achieve semantics data integration so that polices can be enforced without loss of real meaning of personal privacy preference and polices will have interoperability with others when we are using semantic data integration. 隱私保護語意網資料整合雲端運算 data integration privacy protection cloud computing semantic web
3	使用本體論與規則執行企業隱私保護規範 / Using ontologies and rules to enforce enterprise privacy protection policies 郭弘毅, Guo, Hong Yi Unknown Date (has links) 在今日愈來愈普及的電子商務方面，客戶資料的搜集來源更加廣泛，對於個人資料外洩的影響將非常嚴重，可能帶來個人財務上或者公司信譽上的重大損失。本研究期望可以建構一個在企業內部(backbone)架構的環境中，透過語意網(Semantic Web)中的本體論(Ontology)和規則(Rule)的加入，希望實現具有語意的個人隱私保護規範架構，實現在語意層級上的隱私權政策安全控管。找出並且驗證以Ontologies+Rules為規範的表達與管理的架構的優勢，以確保各企業伺服器平台在收集客戶個人資料時能夠遵守最初協商後的承諾。最後本研究可以透過第三方平台的架構來加以落實個人資料的流通、分享、與保護。 / In today's increasingly popular e-commerce, ways to collect personal data of customers are is more extensive, and the impact of data disclosure will be very serious, maybe it will cost heavy losses on personal reputation or the credit of companies. We hope to build a in-house (backbone) structure of the environment through the semantic web in the ontology and rules, hoping for enabling the semantics of personal privacy protection normative framework to achieve the privacy policy on the security control. We will identify and verify Ontologies + Rules to regulate the expression of the advantages of the structure and management to ensure that the enterprise platform servers will obey the usage of personal data after their initial consultation commitment. Finally, we propose a third-party platform to enforce data sharing and protection of personal data. 語意網企業隱私保護本體論規則 Semantic Web Enterprise Privacy Protection Ontology Rule
4	政府機關提高隱私保護信任機制之研究－以金融監理為例 / A study on improving the trust mechanism of privacy protection in government agencies -a case of the financial supervision system 林占山 Unknown Date (has links) 個人資料保護係屬隱私權的範疇之一，現代化政府不斷面臨內外在施政環境變遷的衝擊與挑戰，其中資訊科技的快速發展與廣泛運用，更直接衝擊著政府施政定位、服務範圍、運作模式及治理原則。現代化國家在思考打破施政的常規和舊制，面對資訊公開與行政效率要求下，走向電子化政府的道路，也就成為勢之所趨。但另一方面，資訊革命所帶來對隱私與個人資料保護的衝擊，亦較以往更為強烈而深刻。從許多文獻可得知為何民眾可能不信任政府的原因是多方面的，這些原因與他們個人資料安全、隱私權保護及完整性維護是息息相關連的。在政府努力發展電子化政府以便民眾享受其便利性的同時，如何建構政府機關及政府企業間之個人資料隱私保護電子治理機制及協同作業，以強化我國公共治理指標之政府效能、回應力及課責能力，確保個資的合理流通，並能兼顧隱私保護，提昇整體政府信任度，實為電子化政府對人民基本權利之保障及實踐「隱私保護」之重要課題。新版《個人資料保護法》已於民國九十九年四月在立法院三讀通過，在新法實施後，將因擴大適用個資法之主體範圍，規範個人資料蒐集與處理程序，加重持有個資業者的保管責任，並調整資料外洩求償上限至二億元，預計將加重企業蒐集與利用個人資料的成本與相關責任。本研究之目的在於探討政府機關如何透過持續隱私保護IT治理框架及系統，設計有效的「行政程序控制」(administrative procedural control)、課責(Accountability)及透明(Transparency)機制進的定期公開與積極散佈。透過個人控制自己資訊應該如何被處理與使用的資訊自我控制（local control）權利，一方面提高了政府的施政透明度及政府課責，另一方面也增強隱私保護及人民信任度；同時並以金融監理體系為例，如何因應新版個資法的衝擊，有效的調整內部資料蒐集與資安控管流程，試圖以銀行業透過監理機制建構雛型，監督管理金融業之營運，以期能提供客戶最佳之服務，有效避免新個資法為金融機構帶來的營運風險，進而建議政府機關隱私保護之IT架構，冀能提供主動積極安全又便利之服務，以贏取國民對政府之信任與向心力。 / Personal data protection is one of the categories in privacy. Modern governments constantly face impacts and challenges of political environment changes internally and externally, which rapid developments and extensive applications of information technologies affect the government policy positioning, service ranges, operation modes, and governance principles directly. Modern countries are always thinking over to break routines and aged systems of administration. Under requirements of facing the information disclosure and the administration efficiency, it has become a potential of the trend towards the road of e-government. However, on the other hand, compares to impacts of privacy and personal data protection which have been brought about by the revolution of information, currently, it becomes more intense and profound than before. Many literatures reveal why civilians may not trust the government for reasons in multiple aspects which is related closely with their personal data security, privacy protection, and integrity maintenance. In the meantime, in order to strengthen our government performances of public governance indicators, responsiveness, and accountability for ensuring a reasonable flow of private data, taking into account of privacy protection, and enhancing the overall trust into government, government is striving to develop e-government for civilians’ ease to enjoy its convenience, and this is truly the important subject for e-government of how to construct e-governance mechanisms of personal data privacy and collaboration operations between government organizations internally and between government vs. business enterprises externally on the protection of civilians’ basic rights and the practice of "privacy protection”. The new version of “Personal Data Protection Act” has been passed after third reading by Legislative Yuan on April, 2010. After taking effective of this new law, due to the applicable main scope enlargement of Personal Data Protection Act, it regulates personal data collections and processing procedures, expends the custodial responsibility to dealers who own the personal data, and adjusts the limitation of penalty up to NTD$200 millions for data leakage, which expects to enlarge the cost and relative responsibilities to enterprises for collecting and using personal data. The object of this analysis is going to explore how government organizations go through IT government frameworks and systems of the consistent privacy protection to design effective “Administrative Procedural Control”, “Accountability”, and “Transparency” mechanisms for proceeding periodic disclosure and positive broadcast. Not only to increase the transparency of government administration and the government accountability, but also to enhance the privacy protection and the trust to civilians, through the right of information “Local Control”, individual controls over self own information which should be dealt with and used. Meanwhile, for example of governance system in financial industry, how to respond to the impact of the new version in Personal Data Protection Act to adjust internal data collections and information security control processes effectively, and try to build up the prototype through governance mechanisms in banking for supervising and managing operations of financial industry. Furthermore attempt providing clients with the best service to avoid operation risks effectively for financial institutions which are caused by the new version of Personal Data Protection Act, and then suggest the IT infrastructure of privacy protection for government organizations. Hope to be able to provide active, positive, safe, and convenient services for winning upon trust and cohesion from civilians to the government. 隱私保護信任機制滿意度課責透明 privacy protection trust mechanism Effectiveness Accountability Transparency
5	安全多方計算協定描述語言之設計與實作 / A Protocol Description Language for Secure Multi-Party Computation 黃文楷, Huang, Wen Kai Unknown Date (has links) 安全多方計算的研究主要是針對在分散環境下的兩造(或多方)之間，如何在不透露彼此私有的資料的情況下，計算一個約定函數的問題，並要確保除了計算結果及其可能推導出的資訊，不會洩漏額外的私有資料。依此設計出來的函數算法，稱為安全的多方計算協定(protocol)。過去兩年本實驗室根據一套基於向量內積運算(scalar product)發展出的安全多方計算方法，設計了一個雛型的分散式系統框架，開發了一套符合其安全要求的常用算數運算函數庫。但目前個別的應用問題在此系統上發展安全協定的程式時，使用者必須相當熟悉其架構與程式庫細節，才能開發所需程式，造成推廣上的障礙。有鑑於此，本論文採用領域專屬語言(domain-specific language)的方法與技術，針對一般安全多方協定程式的特徵來進行歸納與分析，找出協助其表達計算步驟的適當抽象機制，並在設計上訂定了以下目標： 1. 設計一高階語言用以描述多方安全計算，以提供使用者撰寫安全多方計算程式。 2. 檢查並確保使用者撰寫的程式不會有資訊洩漏。 3. 多方安全運算執行上能保持一定的效率。 4. 建立多方安全計算的運算流程，讓PDL與現有的運作環境配合，達到各伺服器合作運行多方安全計算的目的。朝向這四個目標發展出一套協定描述語言與其編譯器。以便與SMC-Protocol以及其環境合作，協助領域專家以更簡便的方式來設計與實驗更多的安全多方協定。我們稱此語言為多方安全計算協定描述語言(Protocol Description Language, PDL)。 / Protocols for secure multi-party computation (SMC) allow participants to share a computation while each party learns only what can be inferred from their own inputs and the output of the computation. In the past two years, we developed an SMC implementation framework for both integers and floating numbers which comprises a set of arithmetic operations that manipulate secret values among involved parties using the scalar product protocol as the basis. Such a library of arithmetic operations is call building blocks. But using this library is not easy. To solve individual SMC problem, programmer should knowing the given framework and protocol detail very well. This difficulty makes them won't consider this framework while facing the need of SMC. To ease the writing of more complex user-defined protocols, using the technique of domain-specific language, this thesis analysis the general needs of SMC, develop a domain-specific language of SMC, and implement a compiler that coverts this language to SMC code, which is executable code composed of the protocols of given framework. We called this language Protocol Description Language, PDL. 安全多方計算隱私保護領域專屬語言靜態分析 Secure multi-party computation privacy protection domain-specific language static analysis
6	網路企業自律機制對消費者信任影響之研究：隱私保護及交易安全認知觀點潘兆娟, Pan,JJ,joujuan Unknown Date (has links) 本研究之目的在於探究何謂完整之網路企業自律機制？目前廣為採用之信賴標章、規範承諾、網路評分等網路企業自律機制，何者能夠得到消費者信任？網路企業如何透過不同的自律機制，使得消費者認知其交易安全與資訊隱私已被保護？網路消費者如何經由認知其交易安全及資訊隱私已被保護，進而產生其對於網路企業之信任?信賴標章、規範承諾、網路評比等網路企業之自律機制，何者較能夠得到網路消費者的信任？過去研究極少著墨於網路自律機制對於消費者信任之影響，本研究除了希望對於缺乏資源及品牌聲譽之網路企業有所啟發外，也探討網路企業在既有的法律、管理及技術之環境架構下，應如何取得消費者信心，並以文獻探討、問卷分析及個案討論與分析等方法來驗證網路自律機制對於消費者信任之影響。在文獻探討上，本研究針對國內外學者對保護資訊隱私及交易安全之制度及作法、企業自律機制之規範及作法、消費者信心等相關研究加以歸納，並輔以國內外個案研究，一方面摘要學者對以上議題的研究成果與看法，一方面彙整相關文獻，進而發展出本研究相關之研究假設。並從文獻彙整摘要中，提出研究架構及假設，並就各構面及假設之變數賦予操作型定義，選定適宜之統計方法予以檢測，且根據前測問卷之結果，於全省各地進行717份之問卷調查及回收作業。回收之問卷均透過檢查、編碼、整理，並進行樣本特徵、信度與效度分析，進一步驗證及解釋各研究假設。除了定量分析外，本研究亦由十個與問卷相關的個案中，研究該些網路企業之營運模式、產品、服務及交易流程，了解其自律機制與消費者保護之作法，進而與統計分析相關的資料做交叉分析，並對應先前之研究假設，以進一步分析網路企業自律機制、消費者保護構面與消費者信任之間的關係。本研究結果包含三部份，分別為自律機制(信賴標章、承諾規範、網路評比)與消費者保護(資訊隱私保護認知、交易安全保護認知)之關係、消費者保護與消費者信任之關係、自律機制與消費者信任之關係；最後提出五項管理意涵，包括網路企業得到消費者信任之重要因素及關鍵因素、網路企業如何建立專屬的自律機制及消費者保護機制、進而發展值得信賴的網路購物環境。 / The objective of this article is to study on what a complete self-regulatory mechanism of an internet business is, The article also explore if the existing online self-regulatory mechanisms including trustmarks, commitments and rankings are able to get trust of consumers, in order to let consumers recognize their personal data and security of online transactions being protected, thus consumers are able to trust the internet business they deal with? Which of the above existing self-regulatory mechanisms is more capable to get trust of consumers? Even though limited literatures focus on the impact of online self-regulatory mechanisms to trust of consumers, by methodology of literature reviews, quantitative research and case studies, this article not only contributes to internet businesses with limited resources and brand awareness, but also contributed to those internet businesses, under a framework of regulations, management and technology, willing to get trust of consumers. There are also hypotheses to testify relationships between online self-regulatory mechanisms, consumer protection (of personal data and security for online transactions) and trust of consumers. After reviews on literatures of various self-regulatory mechanisms, internet data privacy, transactional security, consumer protection, trust of consumers, this article proposes a research framework including 3 main hypotheses, 3 independent variables, 2 intermediary variables, 1 dependent variables and their operational model. To testify the hypotheses, this article collected 717 samples of survey around the island and 10 case studies. Utilizing multiple regressions and related statistics analyses, most of the hypotheses are supported. Comparing with 3 dimensions of transactional process, self-regulatory mechanisms and consumer protection, 10 cases are found similar to the testing result of hypotheses, but also remained spaces of improvement. At last, this article concludes with 5 managerial implications, including key successful factors and critical factors to get trust of online consumers, how to build a proprietary self-regulatory and a consumer protection mechanisms, thus to set up a complete trustworthy online shopping environment. 網路企業自律機制信賴標章承諾規範網路評比資訊隱私保護交易安全消費者信任 internet business self-regulatory trustmark commitment ranking internet privacy online transactional security consumer trust
7	競爭法上使用者數據之應有定位與可能造成之衝擊 / The Role of User’s Data and Its Possible Impact for Competition Law 張媛筑 Unknown Date (has links) 數位時代孕育大數據技術的發展並帶動產業的創新，使用者數據的運用也日益活躍於商業領域，並分別為消費者與事業帶來便利的生活與競爭優勢。然而蒐集、處理、運用等數據價值鏈活動對於市場競爭造成相當的影響，也成為事業為反競爭行為的誘因，而引起競爭法的關注，多國競爭執法機關亦已陸續展開調查或進行相關研究。由於使用者數據涉及個人資訊隱私，更因其係產業創新的動力之一，從而競爭法管制的合適性與必要性一直為爭議性議題，後續延伸出對於現有競爭法架構的相容性疑義。本文透過文獻與案例分析，從使用者數據的特色出發，探討使用者數據於競爭法框架下之爭議，包含與隱私法規的競合問題及衝擊現行制度之因應方式。基於競爭法適度管制的觀點，提出可能評估市場力量的方式與使用者數據可能形成的限制競爭或不公平競爭之風險類型。冀望對於我國公平交易法就此議題之剖析與因應有所助益，迎接數據經濟的浪潮。 / Big data analytics technology evolves rapidly and enhances the pace of the innovation of industries in the digital era. Utilizing user data, which is a sort of valuable assets, becomes more popular in business. The new technology brings consumers fitted products and convenience and creates competitive advantages to firms. However, collecting, processing and analyzing large sets of user data not only benefit the entities in the market but also impact market competition. Competition agencies around the world have engaged in related investigations and research on data and competition. The mainly concerns are whether the amount of user data may build a barrier to entry, and whether firms which control user data in a massive amount or essential to competition may have incentives to abuse their market power to foreclose marker. Moreover, because user data is one factor of fostering innovation and has a strong correlation with privacy, the suitability and the necessity of competition law to regulate data issue is still controversial. If competition law intervenes, we should further consider how to adapt it to the present regulation. By reviewing academic literature and practical cases, this thesis begins with the introduction of characteristics of user data, followed by the analysis of the controversy concerning user data under the framework of competition law, including the trade-off between it and privacy laws and possible adjustment to the present framework. This paper also discusses the way to assess market power and specific types of anticompetitive and unfair competition behaviors. Finally, this thesis concludes with a short remark. Hopefully it can provide some references for further discussion on this issue under the Fair Trade Act in Taiwan. 使用者數據隱私保護市場競爭管制競爭優勢參進障礙市場力量反競爭行為 User data Privacy protection Competition regulation Competitive advantage Entry barriers Market power Anti-Competitive behavior

1

Page generated in 0.0262 seconds