• Journal of Internet Computing and Services
• /
• v.21 no.4
• /
• pp.25-34
• /
• 2020

In the current medical information system, a system environment is constructed in which Biometric data generated by using IoT or medical equipment connected to a patient can be stored in a medical information server and monitored at the same time. Also, the patient's biometric data, medical information, and personal information after simple authentication using only the ID / PW via the mobile terminal of the medical staff are easily accessible. However, the method of accessing these medical information needs to be improved in the dimension of protecting patient's personal information, and provides a quick authentication system for first aid. In this paper, we implemented an automatic authentication system based on the patient's situation and evaluated its performance. Patient's situation was graded into normal and emergency situation, and the situation of the patient was determined in real time using incoming patient biometric data from the ward. If the patient's situation is an emergency, an emergency message including an emergency code is send to the mobile terminal of the medical staff, and they attempted automatic authentication to access the upper medical information of the patient. Automatic authentication is a combination of user authentication(ID/PW, emergency code) and mobile terminal authentication(medical staff's role, working hours, work location). After user authentication, mobile terminal authentication is proceeded automatically without additional intervention by medical staff. After completing all authentications, medical staffs get authorization according to the role of medical staffs and patient's situations, and can access to the patient's graded medical information and personal information through the mobile terminal. We protected the patient's medical information through limited medical information access by the medical staff according to the patient's situation, and provided an automatic authentication without additional intervention in an emergency situation. We performed performance evaluation to verify the performance of the implemented automatic authentication system.

• Journal of KIISE:Computing Practices and Letters
• /
• v.9 no.2
• /
• pp.146-157
• /
• 2003

Our experience with Internet-based scientific collaboratories indicates that they need to be user-extensible, allow users to add tools and objects dynamically to workspaces, per mit users to move work dynamically between private and shared workspaces, and be easily accessible on the Internet. We present the software architecture of a development environment, called Collaboratory Builder's Environment(CBE), for building collaboratories to meet such needs. CBE provides user extensibility by allowing a collaboratory to be constructed as a collection of collaborative applets. To support dynamic reconfiguration of shared workspaces, CBE uses the metaphor of room that can contain applets, users, and arbitrary data objects. Rooms can be used not only for synchronous collaboration but also for asynchronous collaboration by supporting persistence. For the access over the Internet room participants are given different roles with appropriate access rights. A prototype of the model has been implemented in Java and can be run from a Java-enabled Web browser. The implemented system had been used by 95 users including 79 space scientists around the world in a scientific campaign that ran for 4 days. The usage evaluation of the campaign is also presented.

• Journal of Digital Contents Society
• /
• v.13 no.1
• /
• pp.101-110
• /
• 2012

Recently, social network sites are very popular with the enhancement of mobile device function and distribution. This gives rise to the registrations of the people on the social network sites and the usage of services on the social sites is also getting active. However, social network sites' venders do not provide services enough compared to the demand of users' to share contents from diverse roots by users effectively. In addition, the personal information can be revealed improperly in processes sharing policies and it is obvious that it raises a privacy invasion problem when users access the contents created from diverse devices according to the relationship by policies. However, the existing methods for the integration management of social network are weak to solve this problem. Thus, we propose a model to preserve user privacy, categorize contents efficiently, and give the access control permissions at the same time. In this paper, we encrypt policies and the trusted third party classifies the encrypted policies when the social network sites share the generated contents by users. In addition, the proposed model uses the RCBAC model to manage the contents generated by various devices and measures the similarity between relationships after encrypting when the user policies are shared. So, this paper can contribute to preserve user policies and contents from malicious attackers.

• Journal of Korean Society of Archives and Records Management
• /
• v.13 no.3
• /
• pp.151-171
• /
• 2013

To comprehend the importance and necessity of record management metadata standard implemented in an electronic medical records system, a survey was undertaken to 50 medical records managers in charge of 5 major hospitals in Seoul. Analysis of the survey results was performed by averaging the responses given by those who answered the survey. SPSS was utilized for statistical analysis. Managers of medical records placed importance on metadata that are related to security of records, such as "levels of security", "types of access to medical records", "levels of authorization granted to personnel", and "users accessing medical records". It shows that these managers need the functions of privacy protection in ERMS. Metadata on "external disclosure" had the lowest level but those surveyed with more than 7 years of experience placed greater importance in this area more those surveyed with less than 7 years of experience in a hospital. This shows that managers need the functions of external disclosure to meet the needs of third partiesfor medical research and medical education.

• Korean Journal of Labor Studies
• /
• v.19 no.1
• /
• pp.1-34
• /
• 2013

Labor share of income in Korea has fallen from 90% in 1996 to 79% in 2010. This paper explores the factors driving the movements in the labor share of income based on a panel dataset containing 19 years of data on 18 Korean manufacturing industries. The effects of technical progress, globalization and the bargaining power of labor and capital on the labor share of income are tested for the period of 1991-2009. The main empirical results are as follows. (1) Capital-aug menting technical prog ress measured by capital-labor ratio and R&D intensity has a negative effect on the labor share. (2) Market openness measured by the value of export and import as a ratio to value-added production is found to have a positive impact. (3) Globalization of production measured by inward-FDI and outward-FDI as a ratio to total domestic fixed capital is found to have a negative impact on the labor share. (4) Union density is found to have had a statistically significant effect in 1991-1998. This finding is consistent with the efficient bargain model in which firms and workers bargain over both wages and employment. But union density is insignificant in 2000-2009. This implies that since the financial crisis in 1997, the bargaining institution in Korea has been approaching the right-to-manage model in which firms and unions bargain over wages and then firms set employment unilaterally. (5) Variables for domestic financialization measured by dividend-income ratio and financial-fixed assets ratio have an insignificant effect on labor share.

• Korean Security Journal
• /
• no.59
• /
• pp.37-69
• /
• 2019

According to viewpoints of researchers and stakeholders, various opinions can be suggested on self-governing police system. Therefore, success of Korean self-governing police system will be defending on how to balance among conflicting values such as Empowerment, Political neutrality, Financial issues, Comprehensive competence in maintaining public safety. Before the launching of self-governing police system nation-wide, the experience of Jeju provincial police will be valuable model case. In specific, enlargement of work scope of self-governing police in Jeju province which has been introduced since last year will be a useful reference. There is more pessimism about self-governing police of Jeju province so far. However, this perspective is mostly based on the issue regarding hardwares such as manpower, equipment, law and organization. Issues regarding softwares such as organizational culture, operation system and work process need more attention to evaluate self-governing police system properly. To mark the first year after enlargement of work scope of Jeju police, this study demonstrate the overall result and implications of self-governing police of Jeju province based on documents, statistics, reports and media reports. In result, several preconditions are needed to implement the self-governing police system nation-wide successfully. 1. Strengthen the link between local government and local police 2. Establish the foundation for collaboration of state and local police 3. Enhance the aspect of citizen autonomy in local level 4. Reinforcing the capability of handling situation of state and local police 5. Invigorating the inter-organizational working group to operate self-governing police system effectively. The self-governing police system is unclosed topic to discuss. After this study, in-depth studies should be followed with more resources. Particularly, additional perspective including redundancy and equity need to be considered regarding self-governing police. By getting with the changes of macroscopic trends - lowbirth and aging, the fourth industrial revolution and possible reunification of north and south Koreas - these studies should suggest the long-term blueprint of self-governing police system of Korea.

• The Korean Society of Law and Medicine
• /
• v.22 no.4
• /
• pp.117-157
• /
• 2021

This research reviewed the HIPAA/HITECH, 21st Century Cures Act, Common Law, and private Guidances from the perspectives in protecting and utilitizing the medical data, while implications were followed. First, the standards for protection and utilization are relatively clearly regulated through single law on personal medical information in the United States. The HIPAA has been introduced in 1996 as fundamental act on protection of medical data. Medical data was divided into personally identifiable information, non-identifying information, and limited dataset under HIPAA. Regulations on de-identification measures for medical information, objects for deletion of limited data sets, and agreement on prohibition of data re-identification were stipulated. Moreover, in the 21st Century Cures Act regulated mutual compatibility for data sharing, prohibition of data blocking, and strengthening of accessibility of data subjects. Common Law introduced comprehensive consent system and clearly stipulates procedures. Second, the regulatory system is relatively simplified and clearly stipulated in the United States. To be specific, the expert consensus and the safe harbor system were introduced as an anonymity measure for identifiable medical information, which clearly defines the process while increasing trust. Third, the protection of the rights of the data subject is specified, the duty of explanation is specified in detail, while the information right of the consumer (opt-out procedure) for identification information is specified. For instance, the HHS rule and FDA regulations recognize the comprehensive consent system for human research, but the consent procedure, method, and requirements are stipulated through the common rule. Fourth, in the case of the United States, a trust-based system is being used throughout the health and medical data legislation. To be specific, Limited Data Sets are allowed to use in condition to the researcher's agreement to prohibit re-identification, and de-identification or consent process is simplified under the system.

• The Korean Journal of Air & Space Law and Policy
• /
• v.27 no.1
• /
• pp.3-27
• /
• 2012

Although aviation safety and security have been improving, which has made air transportation more reliable, the international aviation community has witnessed a steady increase in the number of unruly passenger incidents. Under international law, the Tokyo Convention (The Convention on Offences and Certain Other Acts Committed on Board Aircraft of 1963) is applicable to unruly passenger issues. While the Tokyo Convention has been a successful convention which 185 member states have ratified, it has its shortcomings. Three major shortcomings are related to definition, jurisdiction, and enforcement. Firstly, the Tokyo Convention does not provide for a definition of unruly passengers, thereby resulting in a situation where conduct that may be considered to be a criminal offence in the country of embarkation may not be a criminal offence in the country where the aircraft lands. Having different definitions may lead to ineffective action on the part of air carriers. Secondly, the fact that the state of landing does not bear jurisdiction produces circumstances in which it is impossible to punish an unruly passenger who clearly committed an offence on board. Thirdly, the Tokyo Convention only recognizes the competence of the state of registry to exercise criminal jurisdiction but does not impose the duty to actually use that competence in any specific case. Along with ratifying the Tokyo Convention, Korea enacted the Aviation Navigation Safety Act in 1974 as a domestic legal approach to dealing with the problem of unruly passengers. Partially reflecting the ICAO's model legislation, Circular 288, the Aviation Safety and Security Act was enacted in 2002. Although the Korean Aviation Safety and Security Act is a comprehensive act which has been constantly updated, there is no provision with respect to jurisdiction and only the Korean criminal code is applicable to jurisdiction. The Korean criminal code establishes its jurisdiction in connection with territoriality, nationality and registration, which is essentially the same as the jurisdictional principles of the Tokyo Convention. Thus, the domestic legal regime cannot close the jurisdictional gap either. Similarly, Korean case law would not take an active posture to jurisdiction unless the offence in question is a serious one, such as hijacking. A Special Sub Committee of the ICAO Legal Committee (LCSC) was established to examine the feasibility of introducing amendments to the Convention on Offences and Certain Other Acts Committed on Board Aircraft of 1963 with particular reference to the issue of unruly passengers. The result of the ICAO's findings should lead to the modernization of the Tokyo Convention, thereby reducing the number of incidents caused by unruly passengers and enabling all parties concerned to respond to unruly passengers more effectively.

• Journal of International Area Studies (JIAS)
• /
• v.22 no.2
• /
• pp.81-110
• /
• 2018

In this paper, we examined the regional economic integration, the trade negotiation strategy and bargaining power of the European Union through the logical structure of the three - dimensional game theory. In the three - dimensional game theory, the negotiator emphasized that the negotiation strategy of the triple side existed while simultaneously operating the game standing on the boundary of each side game, constrained from each direction or occasionally using the constraint as an opportunity. The study of three-dimensional game theory is aimed at organizing the process of coordinating opinions and meditating interests at the international level, regional level and member level by the regional union as a subject of negotiation. This study would compare and analyze the recently concluded EU-Japan EPA (Economic Partnership Agreement) negotiation process with the case of the EU FTA, and summarize the logic of the three-dimensional game theory applicable to the FTA of the regional economic partnership. Furthermore, the study would illustrate the strategies of the regional economic cooperatives to respond to negotiations. The area of trade policy at the EU level has already been completed by the exclusive power of the Union on areas where it is difficult to politicize with technical features. Moreover, the fact that the policy process at the Union level has not been revealed as a political issue, and that the public opinion process is a double-step approach. In conclusion, the EU's trade policy process constitutes a complicated and sophisticated process with the allocation of authority by various central organizations. The mechanism of negotiation is paradoxically simplified because of the common policy decision process and the structural characteristics of the trade zone, and the bargaining power at the community level is enhanced. As a result, the European Commission would function as a very strong negotiator in bilateral trade negotiations at the international level.

• Information Systems Review
• /
• v.18 no.4
• /
• pp.17-42
• /
• 2016

Information security incidents caused by authorized insiders are increasing in financial firms, and this increase is particularly increased by outsourced contractors. With the increase in outsourcing in financial firms, outsourced contractors having authorized right has become a threat and could violate an organization's information security policy. This study aims to analyze the differences between own employees and outsourced contractors and to determine the factors affecting the violation of information security policy to mitigate information security incidents. This study examines the factors driving employees to violate information security policy in financial firms based on the theory of planned behavior, general deterrence theory, and information security awareness, and the moderating effects of employee type between own employees and outsourced contractors. We used 363 samples that were collected through both online and offline surveys and conducted partial least square-structural equation modeling and multiple group analysis to determine the differences between own employees (246 samples, 68%) and outsourced contractors (117 samples, 32%). We found that the perceived sanction and information security awareness support the information security policy violation attitude and subjective norm, and the perceived sanction does not support the information security policy behavior control. The moderating effects of employee type in the research model were also supported. According to the t-test result between own employees and outsourced contractors, outsourced contractors' behavior control supported information security violation intention but not subject norms. The academic implications of this study is expected to be the basis for future research on outsourced contractors' violation of information security policy and a guide to develop information security awareness programs for outsourced contractors to control these incidents. Financial firms need to develop an information security awareness program for outsourced contractors to increase the knowledge and understanding of information security policy. Moreover, this program is effective for outsourced contractors.