| dc.contributor.advisor | 胡毓忠 | zh_TW |
| dc.contributor.advisor | Hu, Yuh Jong | en_US |
| dc.contributor.author (Authors) | 李家輝 | zh_TW |
| dc.contributor.author (Authors) | Lee, Chia Hui | en_US |
| dc.creator (作者) | 李家輝 | zh_TW |
| dc.creator (作者) | Lee, Chia Hui | en_US |
| dc.date (日期) | 2007 | en_US |
| dc.date.accessioned | 11-Sep-2009 16:03:59 (UTC+8) | - |
| dc.date.available | 11-Sep-2009 16:03:59 (UTC+8) | - |
| dc.date.issued (上傳時間) | 11-Sep-2009 16:03:59 (UTC+8) | - |
| dc.identifier (Other Identifiers) | G0094971015 | en_US |
| dc.identifier.uri (URI) | https://nccur.lib.nccu.edu.tw/handle/140.119/29689 | - |
| dc.description (描述) | 碩士 | zh_TW |
| dc.description (描述) | 國立政治大學 | zh_TW |
| dc.description (描述) | 資訊科學學系 | zh_TW |
| dc.description (描述) | 94971015 | zh_TW |
| dc.description (描述) | 96 | zh_TW |
| dc.description.abstract (摘要) | 網際網路的興起帶動銀行業電子商務的發展;然而,在開放式的網路環境下,個人的財務、交易等具有隱私的資訊,可能因金融機構本身資訊安全防護技術未落實、資料處理流程權限控管不當、或相關稽核機制不健全等因素,造成銀行個人資料外洩,而影響個人財務及公司商譽的損失。現今在銀行業電子商務的網站上,雖然有使用隱私權政策聲明的方式來表示履行客戶資料隱私保護的責任,但是此形式宣告的方式大於實質保護的意義,沒有任何作用。客戶資料的隱私資訊,亦應受到法律的保護;在我國主要的法律有電腦處理個人資料保護法、內部控制法及金控共同行銷規範等。本研究旨在針對銀行業電子商務交易流程中提出企業內部客戶隱私資料保護的架構模型,將客戶隱私資訊做分類,並遵循相關法律條文規範,以訂立具有語意的隱私權政策來落實企業內部客戶隱私資料的保護。我期望本研究的成果能貢獻未來金融業於客戶隱私資料保護的參考依循。 | zh_TW |
| dc.description.abstract (摘要) | The rising of Internet drives the development of e-commerce in banking industry. However, in the opening environment of Internet, the personal and confidential data which includes finance and transaction may be exposed because its poor secure protection technology or improper permission control for the procedure of data processing, or defective auditing mechanism in financial institutes. Therefore, it could influence the loss of personal finance and goodwill of companies. Although the e-commence website of banking industry protect customers’ data through the stated of right to privacy, the announced meaning is far more than the real protection. The customers’ private data should be protected by law, such as Computer Processing Personal Data Protection Act and Rules Concerning Cross-Selling by Financial Holding Company Subsidiaries in Taiwan.The purpose of the thesis offers the enterprise internal privacy construction model which classifies customers’ private data, follows the related law regulation, and establishes semantic privacy policies in order to achieve the protection of enterprise internal customers’ data for the transaction flow of e-commence in banking industry. I expect the research can contribute some references to follow in customers’ data protection for financial institutions in the future. | en_US |
| dc.description.tableofcontents | 第一章 導論 1 1.1 研究背景 1 1.2 研究目的 2 1.3 已完成項目 3 1.4 各章節概述 3 第二章 相關研究 4 2.1 國際網站隱私權及立法現況 4 2.1.1 網站隱私現況 4 2.1.2 國內網站隱私現況 5 2.1.3 國內金控網站隱私現況 5 2.1.4 P3P網站隱私宣告問題 7 2.1.5 美國立法現況 7 2.1.6 國內立法現況 7 2.1.7 國內外立法現況比較 8 2.2 各種隱私政策比較 8 2.2.1 E-P3P與EPAL隱私政策語言比較 9 2.2.3 E-P3P與P3P隱私政策語言比較 12 2.2.4 E-P3P與XACML語言比較 13 2.2.5 E-P3P存在的問題 15 2.3隱私政策語言語意問題 16 2.3.1 形式化語意(Formal Semantic)問題 16 2.3.2 語意與邏輯表達問題 17 2.3.3 FOL、DL與Logic Program 18 2.4本體論與規則 19 2.4.1 本體論概述 19 2.4.2 本體論與關聯式資料庫 20 2.4.3 規則概述 21 2.4.4 OWL與SWRL 21 2.4.5本體論與規則結合 23 2.5 本研究示意圖 24 第三章 企業隱私系統架構 25 3.1 企業隱私架構改善 25 3.2 存取控制語言 28 3.3 可信賴平台(Trusted Platform) 28 第四章 企業隱私架構設計 30 4.1 隱私架構設計 30 4.2 本體論分類 31 4.3 本體論結合 32 4.3.1 單一本體論與多個本體論 32 4.3.2 本體論結合方式 33 4.3.3 本體論合併方法 35 4.3.3.1 Onions 35 4.3.3.2 FCA-Merge 36 4.3.3.3 PROMPT 36 4.3.3.4 本體論合併的比較 38 4.4 本體論建構 40 4.4.1 建構企業隱私本體論 40 4.4.1.1 資料使用者(DataUsers)本體論 40 4.4.1.1.1 存取控制(Access Control)與角色存取控制 (RBAC) 40 4.4.1.2 資料使用者(Data Users)本體論 41 4.4.1.3資料種類(DataTypes)本體論 43 4.4.1.5 目的(Purpose)本體論 44 4.4.1.6 限制(Constrains)本體論 46 4.5 企業內部客戶資料存取規則及流程 47 4.6 本體論控管機制(Ontology Control) 49 4.7 使用SWRL(Semantic Web Rule Language)建立隱私規則 52 4.7.1 SWRL描述 52 4.7.2 建立SWRL規則及控管機制實 53 4.8 企業隱私資訊控管使用情境 58 第五章 企業隱私系統實作 70 5.1 使用工具 70 5.2 Protégé 實作本體論及規則 72 5.3 實作結果問題探討 76 第六章 結論與未來展望 77 6.1 研究結論 77 6.2 本論文的貢獻 79 6.3 未來展望 79 | zh_TW |
| dc.language.iso | en_US | - |
| dc.source.uri (資料來源) | http://thesis.lib.nccu.edu.tw/record/#G0094971015 | en_US |
| dc.subject (關鍵詞) | 隱私權 | zh_TW |
| dc.subject (關鍵詞) | 企業隱私偏好平台 | zh_TW |
| dc.subject (關鍵詞) | 語意網 | zh_TW |
| dc.subject (關鍵詞) | 本體論 | zh_TW |
| dc.subject (關鍵詞) | 語意規則語言 | zh_TW |
| dc.subject (關鍵詞) | 隱私偏好平台 | zh_TW |
| dc.subject (關鍵詞) | 個人資料保護法 | zh_TW |
| dc.subject (關鍵詞) | 金控共同行銷規範 | zh_TW |
| dc.subject (關鍵詞) | 電子商務消費者保護綱領 | zh_TW |
| dc.subject (關鍵詞) | Privacy | en_US |
| dc.subject (關鍵詞) | E-P3P | en_US |
| dc.subject (關鍵詞) | Semantic Web | en_US |
| dc.subject (關鍵詞) | Ontology | en_US |
| dc.subject (關鍵詞) | SWRL | en_US |
| dc.subject (關鍵詞) | P3P | en_US |
| dc.subject (關鍵詞) | XACML | en_US |
| dc.subject (關鍵詞) | EPAL | en_US |
| dc.title (題名) | 語意性的隱私政策-落實於銀行內部隱私保護的研究 | zh_TW |
| dc.title (題名) | Semantic privacy policies-Research for the enforcement of privacy protection inside the bank | en_US |
| dc.type (資料類型) | thesis | en |
| dc.relation.reference (參考文獻) | 一、中文部份 | zh_TW |
| dc.relation.reference (參考文獻) | 行政院消費者保護委員會-電子商務消費者.http://www.cpc.gov.tw. | zh_TW |
| dc.relation.reference (參考文獻) | 金管會金融控股公司.http://www.banking.gov.tw/. | zh_TW |
| dc.relation.reference (參考文獻) | 金融控股公司法.http://law.moj.gov.tw. | zh_TW |
| dc.relation.reference (參考文獻) | 楊亨利、邱顯貴,民89,「台灣地區網站對個人資料保護之資訊隱私政策調查」,第六屆資訊管理暨實務研討會,新竹市。 | zh_TW |
| dc.relation.reference (參考文獻) | 銀行內部控制及稽核制度實施辦法.http://law.moj.gov.tw. | zh_TW |
| dc.relation.reference (參考文獻) | 銀行法.http://law.moj.gov.tw. | zh_TW |
| dc.relation.reference (參考文獻) | 電腦處理個人資料保護法及修正草案.http://law.moj.gov.tw. | zh_TW |
| dc.relation.reference (參考文獻) | 二、英文部份 | zh_TW |
| dc.relation.reference (參考文獻) | [1] A.I. Antón, Q. He and D. Baumer. "The Complexity | zh_TW |
| dc.relation.reference (參考文獻) | Underlying JetBlue’s Privacy Policy Violations”. IEEE | zh_TW |
| dc.relation.reference (參考文獻) | Intelligence(IJCAI’01),pages 225-230,Seattle,WA. | zh_TW |
| dc.relation.reference (參考文獻) | [27]TRAVIS D. BREAUX, ANNIE I. ANT´ON and JON DOYLE,North | zh_TW |
| dc.relation.reference (參考文獻) | Carolina State University. “Semantic | zh_TW |
| dc.relation.reference (參考文獻) | Parameterization:A Process for Modeling Domain | zh_TW |
| dc.relation.reference (參考文獻) | Descriptions”. NCSU CSC Technical Report, No. TR-2006- | zh_TW |
| dc.relation.reference (參考文獻) | 35, October 2006. | zh_TW |
| dc.relation.reference (參考文獻) | [28]Vinith Bindiganavale and Dr. Jinsong yang,Member.“Role | zh_TW |
| dc.relation.reference (參考文獻) | Based Access Control in Enterprise Application – | zh_TW |
| dc.relation.reference (參考文獻) | Security Administration and User Management”,IEEE. | zh_TW |
| dc.relation.reference (參考文獻) | [29]William F. Adkinson Jr.,Jeffrey A. Eisenach and Thomas | zh_TW |
| dc.relation.reference (參考文獻) | Security & Privacy,to Appear. | zh_TW |
| dc.relation.reference (參考文獻) | M. Lenard.“Privacy Online: A Report on the Information | zh_TW |
| dc.relation.reference (參考文獻) | Practices and Policies of Commercial Web Sites.”,The | zh_TW |
| dc.relation.reference (參考文獻) | Progress & Freedom Foundation 2001. | zh_TW |
| dc.relation.reference (參考文獻) | [30]W3C. Platform for Privacy Preferences. Available at | zh_TW |
| dc.relation.reference (參考文獻) | http://www.w3.org/P3P. | zh_TW |
| dc.relation.reference (參考文獻) | [2] A.I. Antón, J.B. Earp, D. Bolchini, Q. He, C. Jensen | zh_TW |
| dc.relation.reference (參考文獻) | and W. Stufflebeam. “The Lack of Clarity in Financial | zh_TW |
| dc.relation.reference (參考文獻) | Privacy Policies and the Need for | zh_TW |
| dc.relation.reference (參考文獻) | Standardization”. IEEE Security & Privacy, 2(2),pp.36- | zh_TW |
| dc.relation.reference (參考文獻) | 45, 2004. | zh_TW |
| dc.relation.reference (參考文獻) | [3] Annie I. Antón, Elisa Bertino, Ninghui Li,and Ting | zh_TW |
| dc.relation.reference (參考文獻) | Yu.“A Roadmap For Comprehensive Online Privacy Policy | zh_TW |
| dc.relation.reference (參考文獻) | Management”, Communications of the ACM ,2007. | zh_TW |
| dc.relation.reference (參考文獻) | [4] Charles D. Raab,“The future of privacy protection”. | zh_TW |
| dc.relation.reference (參考文獻) | Cyber Trust & Crime Prevention Project 2004. | zh_TW |
| dc.relation.reference (參考文獻) | [5] Christine Golbreich.Laboratoire d’Informatique | zh_TW |
| dc.relation.reference (參考文獻) | Médicale,Université Rennes 1 Avdu Pr. Léon Bernard, | zh_TW |
| dc.relation.reference (參考文獻) | 35043 Rennes, France. “Combining Rule and Ontology | zh_TW |
| dc.relation.reference (參考文獻) | Reasoners for the Semantic Web”. | zh_TW |
| dc.relation.reference (參考文獻) | [6] eXtensible Access Control Markup Language Available at | zh_TW |
| dc.relation.reference (參考文獻) | http:// http://www.oasis-open.org/ | zh_TW |
| dc.relation.reference (參考文獻) | [7] Financial Privacy: The Gramm-Leach Bliley Act, Federal | zh_TW |
| dc.relation.reference (參考文獻) | TradeCommission,1999. http://www.ftc.gov/privacy/glbact/ | zh_TW |
| dc.relation.reference (參考文獻) | [8] Gramm-Leach-Bliley Act.Available at | zh_TW |
| dc.relation.reference (參考文獻) | http://www.ftc.gov/privacy/glbact/glbsub1.htm | zh_TW |
| dc.relation.reference (參考文獻) | [9] G. Karjoth, M. Schunter and M. Waidner. “ Platform for | zh_TW |
| dc.relation.reference (參考文獻) | Enterprise Privacy Practices:Privacy-Enabled Management | zh_TW |
| dc.relation.reference (參考文獻) | of Customer Data”.In Proceedings of the Second | zh_TW |
| dc.relation.reference (參考文獻) | International Workshop on Privacy Enhancing | zh_TW |
| dc.relation.reference (參考文獻) | Technologies (PET 2002), LNCS 2482,pp. 69-84, 2003. | zh_TW |
| dc.relation.reference (參考文獻) | [10]G. Karjoth and M. Schunter.“A Privacy Policy Model for | zh_TW |
| dc.relation.reference (參考文獻) | Enterprises”. In 15th IEEE Computer Security | zh_TW |
| dc.relation.reference (參考文獻) | Foundations Workshop. IEEE Computer Society Press,2002. | zh_TW |
| dc.relation.reference (參考文獻) | [11]G. Karjoth, M. Schunter and E. Van Herreweghe.“ | zh_TW |
| dc.relation.reference (參考文獻) | Translating Privacy Practices into Privacy Promises - | zh_TW |
| dc.relation.reference (參考文獻) | How to Promise What You Can Keep”. In Proceedings of | zh_TW |
| dc.relation.reference (參考文獻) | the 4th IEEE International Workshop on Policies for | zh_TW |
| dc.relation.reference (參考文獻) | Distributed Systems and Networks (POLICY 2003), pp. 135- | zh_TW |
| dc.relation.reference (參考文獻) | 146,June 2003. | zh_TW |
| dc.relation.reference (參考文獻) | [12]Guarino,N.,“Formal Ontology and Information Systems,” | zh_TW |
| dc.relation.reference (參考文獻) | Proc. Of the 1st International | zh_TW |
| dc.relation.reference (參考文獻) | Conference,Trento,Italy,6-8,IOS Press(amended version), | zh_TW |
| dc.relation.reference (參考文獻) | pp.3-15,1998. | zh_TW |
| dc.relation.reference (參考文獻) | [13]Horrocks,I.,et al.(2004). “SWRL:A Semantic Web Rule | zh_TW |
| dc.relation.reference (參考文獻) | Language Combining OWL and RuleML.” | zh_TW |
| dc.relation.reference (參考文獻) | http://www.w3.org/Submission/2004/SUBM-SWRL-20040521/. | zh_TW |
| dc.relation.reference (參考文獻) | [14]Jason Reid, Juan M. Gonzlez Nieto, Ed Dawson, Eiji | zh_TW |
| dc.relation.reference (參考文獻) | Okamoto. “Privacy and Trusted Computing”,IEEE | zh_TW |
| dc.relation.reference (參考文獻) | Computer Society 2003. | zh_TW |
| dc.relation.reference (參考文獻) | [15]Knublauch, H., M. A. Musen and A. L. Rector. | zh_TW |
| dc.relation.reference (參考文獻) | (2004)“Editing description logics ontologies with the | zh_TW |
| dc.relation.reference (參考文獻) | Protege OWL plugin.” International Workshop on | zh_TW |
| dc.relation.reference (參考文獻) | Description Logics, Whistler, BC, Canada. | zh_TW |
| dc.relation.reference (參考文獻) | [16]Mitra P., Wiederhold G., and Kersten M. (2000),“A | zh_TW |
| dc.relation.reference (參考文獻) | Graph-Oriented Model for Articulation of Ontology | zh_TW |
| dc.relation.reference (參考文獻) | Interdependencies”,Extending Database Technology2000 | zh_TW |
| dc.relation.reference (參考文獻) | (EDBT’2000),Konstanz,Germany. | zh_TW |
| dc.relation.reference (參考文獻) | [17]N. Li, T. Yu and A. I. Antón.“A semantics-based | zh_TW |
| dc.relation.reference (參考文獻) | approach to privacy languages”.CERIAS Technical | zh_TW |
| dc.relation.reference (參考文獻) | Report TR 2003-28, Purdue University,November 2003. | zh_TW |
| dc.relation.reference (參考文獻) | [18]Noy, N.F., and Musen, M.A. (1999). SMART: Automated | zh_TW |
| dc.relation.reference (參考文獻) | Support for Ontology Merging and Alignment. Submitted | zh_TW |
| dc.relation.reference (參考文獻) | to the Twelth Workshop on Knowledge Acquisition, | zh_TW |
| dc.relation.reference (參考文獻) | Modeling, and Management, 1999. Banff,Canada. | zh_TW |
| dc.relation.reference (參考文獻) | [19]Noy N. F. and Musen M. A. (2000), “PROMPT:Algorithm | zh_TW |
| dc.relation.reference (參考文獻) | and tool for Automated Ontology Merging and | zh_TW |
| dc.relation.reference (參考文獻) | Alignment”, 17th National Conference on Artificial | zh_TW |
| dc.relation.reference (參考文獻) | Intelligence(AAAI’00),Austin Texas,pp450-455. | zh_TW |
| dc.relation.reference (參考文獻) | [20]N. F. Noy, D. L. McGuinness, "Ontology Development 101: | zh_TW |
| dc.relation.reference (參考文獻) | A guide to Creating Your First Ontology," 2001 Stanford | zh_TW |
| dc.relation.reference (參考文獻) | University | zh_TW |
| dc.relation.reference (參考文獻) | [21]P.Ashley, M. Schunter.“The Platform for Enterprise | zh_TW |
| dc.relation.reference (參考文獻) | Privacy Practices” ,Information Security Solutions | zh_TW |
| dc.relation.reference (參考文獻) | Europe (ISSE), Paris, 2002. | zh_TW |
| dc.relation.reference (參考文獻) | [22]P. Ashley, S. Hada, G. Karjoth and M. Schunter.“ E-P3P | zh_TW |
| dc.relation.reference (參考文獻) | Privacy Policies and Privacy Authorization.” Proc. of | zh_TW |
| dc.relation.reference (參考文獻) | the Workshop on Privacy in the Electronic Society | zh_TW |
| dc.relation.reference (參考文獻) | (WPES’02).Washington D.C. November 21, 2001. | zh_TW |
| dc.relation.reference (參考文獻) | [23]Ashley, S. Hada, G. Karjoth, C. Powers and M. Schunter. | zh_TW |
| dc.relation.reference (參考文獻) | Enterprise Privacy Authorization Language (EPAL 1.1) | zh_TW |
| dc.relation.reference (參考文獻) | Specification. IBM Research Report. | zh_TW |
| dc.relation.reference (參考文獻) | http://www.zurich.ibm.com/security/enterprise- | zh_TW |
| dc.relation.reference (參考文獻) | privacy/epal. 2003. | zh_TW |
| dc.relation.reference (參考文獻) | [24]S. De Capitani di Vimercati, S. Foresti, S. Jajodia, P. | zh_TW |
| dc.relation.reference (參考文獻) | Samarati,“Access Control Policies and Languages in | zh_TW |
| dc.relation.reference (參考文獻) | Open Environments”, in Secure Data Management in | zh_TW |
| dc.relation.reference (參考文獻) | Decentralized Systems, T. Yu and S. Jajodia (eds), | zh_TW |
| dc.relation.reference (參考文獻) | Springer-Verlag, 2007. | zh_TW |
| dc.relation.reference (參考文獻) | [25]Studer, R., V. R. Benjamins & D. Fensel, “Knowledge | zh_TW |
| dc.relation.reference (參考文獻) | Engineering: Principles and Methods”, Data and | zh_TW |
| dc.relation.reference (參考文獻) | Knowledge Engineering, Vol. 25, Issue. 1-2, pp. 161-197. | zh_TW |
| dc.relation.reference (參考文獻) | [26]Stumme G. and Madche A.(2001),“FCA-Merge: Bottom-up | zh_TW |
| dc.relation.reference (參考文獻) | merging of ontologies”,In 7th Intl.Conf.on Artificial | zh_TW |
