• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.6
• /
• pp.1-8
• /
• 2019

Medical information is an important personal information for patients, and it must be protected. In particular, when medical personnel approach electronic medical records, authentication for enhanced security is essential. However, the existing public certificate-based certification model did not reflect the security characteristics of the electronic medical record(EMR) due to problems such as personal key management and authority delegation. In this study, we propose a fingerprint recognition-based authentication model with enhanced security to solve problems in the approach of the existing electronic medical record system. The proposed authentication model is an EMR system based on fingerprint recognition using PEMS (Private-key Escrow Management Server), which is applied with the private key commission protocol and the private key withdrawal protocol, enabling the problem of personal key management and authority delegation to be resolved at source. The performance experiment of the proposed certification model confirmed that the performance time was improved compared to the existing public certificate-based authentication, and the user's convenience was increased by recognizing fingerprints by replacing the electronic signature password.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.699-700
• /
• 2014

The use of Radio Frequency Identification technology (RFID) in medical context enables not only drug identification, but also a rapid and precise identification of patients, physicians, nurses or any other healthcare giver. The combination of RFID tag identification with structured and secured Internet of Things (IoT) solutions enables ubiquitous and easy access to medical related records, while providing control and security to all interactions. This paper defines a basic security architecture, easily deployable on mobile platforms, which would allow to establish and manage a medication prescription service in mobility context making use of electronic Personal Health Records. This security architecture is aimed to be used with a mobile e-health application (m-health) through a simple and intuitive interface, supported by RFID technology. This architecture, able to support secured and authenticated interactions, will enable an easy deployment of m-health applications. The special case of drug administration and ubiquitous medication control system, along with the corresponding Internet of Things context, is presented.

• Convergence Security Journal
• /
• v.23 no.1
• /
• pp.79-87
• /
• 2023

Precision Medicine, which utilizes personal health information, genetic information, clinical information, etc., is growing as the next-generation medical industry. In Korea, medical institutions and information communication companies have coll aborated to provide cloud-based Precision Medicine Hospital Information Systems (P-HIS) to about 90 primary medical ins titutions over the past five years, and plan to continue promoting and expanding it to primary and secondary medical insti tutions for the next four years. Precision medicine is directly related to human health and life, making information protecti on and healthcare information protection very important. Therefore, this paper analyzes the preliminary research on inform ation protection models that can be utilized in cloud-based Precision Medicine Hospital Information Systems and ultimately proposes research on ways to improve information protection in P-HIS.

• The Journal of Information Systems
• /
• v.29 no.1
• /
• pp.93-111
• /
• 2020

Purpose The purpose of this paper is to observe the relative priorities of importances among the modified versions of Block chain system, being based on AHP decision support model which should be also proposed in this paper. Design/methodology/approach Four versions modified from the beginning of Block chain were divided into Public& Permissionless, Private&Permissionless, Public&Permissioned and Private&Permissioned types. Five criteria for evaluating the four versions whether the version were suitable for Medical information system were introduced from five factors of Technologies Accept Model, which were Security, Availability, Variety, Reliability and Economical efficiency. We designed Decision support model based on AHP which would select the best alternative version suitable for introducing the Block chain technology into the medical information systems. We established the objective of the AHP model into finding the best choice among the four modified versions. First low layer of the model contains the five factors which consisted of Security, Availability, Variety, Reliability and Economical efficiency. Second low layer of the model contains the four modified versions which consisted Public&Permissionless, Private&Permissionless, Public&Permissioned and Private& Permissioned types. The structural questionnaire based on the AHP decision support model was designed and used to survey experts of medical areas. The collected data by the question investigation was analyzed by AHP analysis technique. Findings The importance priority of Security was highest among five factors of Technologies Accept Mode in the first layer. The importance priority of Private&Permissioned type was highest among four modified versions of Block chain technologies in second low layer. The second importance priority was Private&Permissionless type. The strong point of Private&Permissioned type is to be able to protect personal information and have faster processing speeds. The advantage of Private& Permissionless type is to be also able to protect personal information as well as from forging and altering transaction data. We recognized that it should be necessary to develop new Block chain technologies that would enable to have faster processing speeds as well as from forging and altering transaction data.

• Convergence Security Journal
• /
• v.14 no.7
• /
• pp.3-8
• /
• 2014

Recently, A utilization request of the U-Healthcare services are increasing rapidly. This is because the increase in smartphone users and ubiquitous computing technology was developed. Furthermore, the demand for access to and use of medical information systems is growing rapidly with a smartphone. This system have the advantage such as they can access from anywhere and anytime in the healthcare information system using their smartphone quickly and easily. But this system have various problems that are a privacy issue, the location disclosure issue, and the potential infringement of personal information. this problems are arise very explosive. Therefore, we propose a secure information security system that can solve the security problems in healthcare information systems for healthcare workers using smartphone. Our proposed system, doctors record, store, modify and manage patient medical information and this system would be safer than the existing healthcare information systems. The proposed system allows the doctor to perform further authentication by transmitting using SMS to GOTP message when they accessing medical information systems. So our proposed system can support to more secure system that can protect user individual information stealing and modify attack by two-factor authentication scheme. And this system can support confidentiality, integrity, location information blocking, personal information steal prevent using cryptography algorithm that is easy and fast.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.77-84
• /
• 2016

In general RBAC(Role-Based-Access Control) model, senior role has junior role's permissions by virtue of role hierarchy. But although the opposite case is needed partially in medical institutions, such case cannot be performed in medical information systems. This is because inheritances of permissions in role hierarchies are static. In order to tackle this problem, this paper defined a dynamic role assignment, thereby proposed the way for the junior temporarily to be able to perform the permissions of the senior, and showed the applications of medical information systems.

• Journal of Digital Convergence
• /
• v.10 no.2
• /
• pp.193-200
• /
• 2012

The existing EMR method placing computer servers in hospitals could expose patients' personal information to hospital officers and people for wrong purposes. In addition, if medical malpractice occurs, the possibility of distorting medical records might be higher because patients' medical records are stored in hospitals. This study provides an electronic medical record with a security system to solve patients' information disclosure. The electronic medical record system could be utilized as an important information when medical malpractice occurs. This system can provide higher security services certifying patients safely and efficiently as well as protecting patients' personal information.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.85-94
• /
• 2014

Information Security Check System was Introduced in 2004, higher than in 2013, the effectiveness of Information Security Management System(ISMS) certification scheme was to unification. This is incident to the Internet affecting people's lives telecommunications service provider to target accountability because, considering the subject's duty selection criteria need to be clarified. however, Obligations under the current legislation, subject selection criteria applying the law itself is ambiguous, the result being a significant problem. Moreover, the regulatory system of certification systems subjects, although selection criteria should be clear and objectively not the obligation not to distrust the system itself and the subject was raised many issues for you. In this study, with SMART Technic in order to improve this certification you can easily determine whether a medical person authorized to develop a model for selection of medical subjects, The developed model is verified through empirical ways to improve the system by presenting the system to help, to secure the effectiveness.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.6
• /
• pp.1223-1228
• /
• 2012

The use of a mobile agent in hospital environment offers an opportunity to deliver better services for patients and staffs. Furthermore, medical errors will be reduced because M-health system helps to verify the medical process. Optimized security protocols and mechanisms are employed for the high performance and security. Finally, a challenge in the near future will be converge the integration of Ubiquitous Sensor Network (USN) with security protocols for applying the hospital environment. We proposed secure authentication and protocol with Mobile Agent for ubiquitous sensor network under healthcare system surroundings.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.693-698
• /
• 2004

The cyber attacks on the computer system in nowadays are focused on works that do not operate specific application. The main key point that we protect information security system has an access control to keep an application. Most of system has a main function to protect an infrastructure such as hardware, network and operating system. In this paper, we have presented an intrusion tolerance system that can service an application in spite of cyber attacks. The proposed system is based on the middle ware integrating security mechanism and separate function of application and intrusion tolerance. The main factor we use security system in nowadays is service to keep a persistency. The proposed intrusion tolerance system is applicable to such as medical, national defense and banking system.