| Title |
Design of GDPR Compliant Personal Information Management Procedure in the IoT Devices |
| Authors |
이용(Yong Lee) ; 김화종(Hwa Jong Kim) ; 이구연(Goo Yeon Lee) |
| DOI |
https://doi.org/10.5573/ieie.2020.57.10.3 |
| Keywords |
GDPR; IoT; IoT Device; Personal information; Lifecycle management |
| Abstract |
Since IoT devices are often installed externally, and theft and duplication risks from attackers exist, it is necessary to design procedures to prevent leakage of stored personal information in the devices. As personal information is created, collected, stored, processed, delivered, and disposed of within IoT devices, stage-by-state protection procedures should be considered. In this paper, we study personal information management method that meets GDPR in IoT devices, and propose personal information management procedure in each life cycle to prevent leakage of personal information due to theft and duplication by attackers. In the proposed method, the encryption key can be used for each user to optimize the IoT environment so that various users access, and even if the IoT device is stolen or replicated, the attacker cannot obtain personal information. As such, the procedure proposed in this paper satisfies the personal information management requirements set by the GDPR, and therefore, it is expected to contribute to the development of the IoT business field that handles personal information. |