|
Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/29689
|
Title: | 語意性的隱私政策-落實於銀行內部隱私保護的研究 Semantic privacy policies-Research for the enforcement of privacy protection inside the bank |
Authors: | 李家輝 Lee, Chia Hui |
Contributors: | 胡毓忠 Hu, Yuh Jong 李家輝 Lee, Chia Hui |
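Keywords: | Privacy; E-P3P; Semantic Web; Ontology; SWRL; P3P; XACML; EPAL; Personal Data Protection Act; Rules Concerning Cross-Selling by Financial Holding Company Subsidiaries; Guidelines for Consumer Protection in Electronic Commerce |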
Date: | 2007 |
Issue Date: | 2009-09-11 16:03:59 (UTC+8) |
Abstract: | The rise of the Internet has driven the development of e-commerce in the banking industry. However, in the open environment of the Internet, private personal information such as financial and transaction data may be leaked from banks because a financial institution's information security protections are poorly implemented, permissions in the data processing workflow are improperly controlled, or the related audit mechanisms are deficient, resulting in personal financial loss and damage to the company's goodwill. Although banking e-commerce websites currently use privacy policy statements to express their responsibility for protecting customer data privacy, such statements are more declaration than substantive protection and have no practical effect. Customers' private data should also be protected by law; in Taiwan the main laws include the Computer Processing Personal Data Protection Act, internal control regulations, and the Rules Concerning Cross-Selling by Financial Holding Company Subsidiaries. This thesis proposes an architecture model for protecting customers' private data inside the enterprise within the transaction flow of banking e-commerce: it classifies customers' private information, follows the relevant legal provisions, and establishes semantic privacy policies to enforce the protection of customers' private data inside the enterprise. I expect the results of this research to serve as a reference for the financial industry in protecting customers' private data in the future. |
Description: | Master's thesis; National Chengchi University; Department of Computer Science; 94971015; 96 |
Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0094971015 |
Data Type: | thesis |
Appears in Collections: | [Department of Computer Science] Theses
|
All items in the NCCU Institutional Repository (政大典藏) are protected by copyright, with all rights reserved.
|