• Title/Summary/Keyword: delegation view


Delegation using D-RBAC in Distributed Environments (분산환경에서 도메인-RBAC을 이용한 권한위임)

  • 이상하;채송화;조인준;김동규
    • Journal of the Korea Institute of Information Security & Cryptology / v.11 no.6 / pp.115-125 / 2001
  • Authentication and access control are essential requirements for the information security of distributed environments. Delegation is a process whereby an initiator principal in a distributed environment authorizes another principal to carry out some functions on behalf of the former. Delegation of access rights also increases the availability of services offer safety in distributed environments. A delegation easily provides principal to grant privileges in the single domain with Role-Based Access Control (RBAC). But in the multi-domain, initiators who request delegation may require to limit the access right of their delegates with restrictions that are called delegate restriction to protect the abuse of privilege. In this paper, we propose the delegation view as a function of delegation restrictions. The proposed delegation view model not only prevents over-exposure of documents from granting multiple step delegation to document sharing in multi-domain with RBAC infrastructure but also reduces overload of security administrator and communication.

Improvement in efficiency on ID-based Delegation Network (ID 기반 위임 네트워크의 성능 개선방안)

  • Youn, Taek-Young;Jeong, Sang-Tae;Park, Young-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.3 / pp.17-25 / 2007
  • Delegation of signing capability is a common practice in various applications. Mambo et al. proposed proxy signatures as a solution for delegation of signing capability. Proxy signatures allow a designated proxy signer to sign on behalf of an original signer. After the concept of the proxy signature scheme was proposed, many variants were proposed to support more general delegation settings. To capture all possible delegation structures, the concept of delegation network was proposed by Aura. ID-based cryptography, which is suited for flexible environments, is desirable to construct a delegation network. Chow et al. proposed an ID-based delegation network. From the computational point of view, their solution requires E pairing operations and N elliptic curve scalar multiplications where E and N are the number of edges and nodes in a delegation structure, respectively. In this paper, we proposed an efficient ID-based delegation network which requires only E pairing operations. Moreover, we can design a modified delegation network that requires only N pairing operations.

Patient Information Transfer System Using OAuth 2.0 Delegation Token (OAuth 2.0 위임 Token을 이용한 환자정보 전달 시스템)

  • Park, Jungsoo;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.6 / pp.1103-1113 / 2020
  • Hospitals store and manage personal and health information through the electronic medical record (EMR). However, vulnerabilities and threats are increasing with the provision of various services for information sharing in hospitals. Therefore, in this paper, we propose a model to prevent personal information leakage due to the transmission of patient information in EMR. A method for granting permission to securely receive and transmit patient information from hospitals where patient medical records are stored is proposed using OAuth authorization tokens. A protocol was proposed to enable secure information delivery by applying and delivering the record access restrictions desired by the patient to the OAuth Token. OAuth Delegation Token can be delivered by writing the authority, scope, and time of destruction to view patient information. This prevents the illegal collection of patient information and prevents the leakage of personal information that may occur during the delivery process.

A Framework Development for Total Management of Various Embedded Devices (여러 임베디드 장치의 통합 관리를 위한 프레임워크 개발)

  • Bae, HyunChul;Kim, SangWook
    • IEMEK Journal of Embedded Systems and Applications / v.1 no.2 / pp.56-63 / 2006
  • In this paper, we propose the integrated security management framework supporting the trust for the ubiquitous environments. The proposed framework provides the gathering and analysis of the security related information including the location of mobile device and then dynamically configures the security policy and adopts them. More specifically, it supports the authentication and delegation service to support the trusted security management for the ubiquitous networks. This system also provides the visible management tools to give the convenient view for network administrator.


YangDongChangHwaHuRok and the Korea-Japan Medical Culture Exchange of the Year 1711 (1711년 "양동창화후록(兩東唱和後錄)"과 한일의학문화교류)

  • Park, Hi-Joon;Ahn, Sang-Woo;Kim, Nam-Il;Shin, Min-Kyu;Cha, Wung-Seok
    • Journal of Physiology & Pathology in Korean Medicine / v.19 no.2 / pp.295-303 / 2005
  • YangDongChangHwaHuRok(兩東唱和後錄) is a book that organized the conversation between Joseon physician Ki-DuMun(奇斗文) and Japanese Acupuncture specialist Murakami Tanio(村上溪南) and others when they visited the quarters where the Choson Delegation(朝鮮通信使) were staying in, while the Choson Delegation party were visiting Japan in 1711. YangDongChangHwaHuRok(兩東唱和後錄) was discovered in the process of gathering medicine-related historical documents of the Choson Dynasty that is spread out all over the Japanese region, with the help from Japanese and Chinese scholars. This was part of the Co-Examination-Research-Process of Korean medical documents that are located in the East Asia traditional medical region, which was promoted by the Korean Institute of Oriental Medicine in 2003. This paper has analyzed in-depth, with an inner-medical view, the academic exchange content of YangDongChangHwaHuRok(兩東唱和後錄) by following the order of the main text. With this examination, we were able to discover new facts about the interest in Primary Symptom(是動病) and Secondary Symptom(所生病) of 17th century doctors, a new hypothesis on the diffusion of HeoYim(許任)'s ChimGuKyungHeomBang(鍼灸經驗方) in Japan, the existence of a new acupuncture tool called ChongChim(腫鍼), and the influence of the 18th contemporary famous traditional medical books (it is called UiHakYipMun(醫學入門) and ShinEungKyung(神應經)) on the 18th century East Asian medical circle. We were also able to ascertain the specific medical content that was diffused to the Japanese medical circle by the Korean medical circle.

An Integrated Management Model of OS-RBAC and Separation Of Duty Policy (OS-RBAC과 임무분리 정책의 통합 관리 모델)

  • Byun, Chang-Woo
    • Journal of the Korea Society of Computer and Information / v.15 no.1 / pp.167-175 / 2010
  • Like most large organizations, there are business rules such as 'separation of duty' and 'delegation' which should be considered in access control. From a SOD point of view, previous SOD models built on the (Administrative) Role-Based Access Control model cannot present the best solution to security problems such as information integrity by the limited constituent units such as role hierarchy and role inheritance. Thus, we propose a new integrated management model of administration role-based access control model and SOD policy, which is called the OS-SoDAM. The OS-SoDAM defines the authority range in an organizational structure that is separated from role hierarchy and supports a decentralized security officer-level SOD policy in which a local security officer can freely perform SOD policies within a security officer's authority range without the security officer's intervention.

A Study of Innovation Policy regarding Technical Regulation and Conformity Assessment Procedure on ICT Equipments - Focused on Privatization Plan (CT 분야의 기술기준 및 적합성평가시스템의 혁신정책에 관한 연구: 민간화 방안을 중심으로)

  • Lee, Yong-Kyu
    • Journal of Korea Technology Innovation Society / v.19 no.3 / pp.439-464 / 2016
  • The technical regulation and conformity assessment procedure of our country on ICT equipments is currently required to have more innovation due to the request of main trade countries, the second phase conclusion of MRA, necessity of expansion of conformity assessment service market and demand of manufacturers. The world's leading advanced countries have already proceeded with innovation based on privatization plan. According to the comparative analysis of the level, it turned out that Japan obtained the highest level of privatization while South Korea ranked the lowest level. According to the research result of examination and certification ability of private institutions of our country, it turned out that our country is expected to have possibility of achieving higher level of privatization than that of the present. Moreover, according to the questionnaire survey conducted to the persons concerned regarding privatization direction, they gave positive response to all the indicated survey contents of privatization direction in terms of "delegation of certification services to private sectors (contracting-out)", "transformation of EMC into private voluntary standard" and "changeover of conformity assessment agent". However, from the view of acceptance and conflict model, it is estimated that starting from "delegation of certification services to private sectors (contracting-out)" seems to be the most advisable plan. Also, prior to privatization, it is required to improve relevant systems such as certification examiner system.

A Study on Countermeasure Strategy on Risk of Human Errors driven by Advanced and Automated Systems Through Consideration of Related Theories (현대의 고도화, 자동화된 시스템이 파생한 휴먼에러에 관한 이론적 고찰을 통한 리스크 대응전략 설정)

  • Shin, In Jae
    • Journal of the Korean Society of Safety / v.29 no.1 / pp.86-92 / 2014
  • This paper provides an integrated view on human and system interaction in advanced and automated systems, which adopt computerized multi-functional artifacts and complicated organizations, such as nuclear power plants, chemical plants, steel and semiconductor manufacturing systems. As current systems have advanced with various automated equipment but human operators from various organizations are involved in the systems, system safety still remains uncertain. Especially, a human operator plays an important role at the time of critical conditions that can lead to catastrophic accidents. The knowledge on human error helps a risk manager as well as a designer to create and control a more credible system. Several human error theories were reviewed and adopted for forming the integrated perspective: gulf of execution and evaluation; risk homeostasis; the ironies of automation; trust in automation; design affordance; distributed cognition; situation awareness; and plan delegation theory. The integrated perspective embraces human error theories within three levels of human-system interactions such as affordance level, psychological logic level and trust level. This paper argued that the risk management process should deal with human errors by providing (1) reasoning improvement; (2) support to situation awareness of operators; and (3) continuous monitoring on harmonization of human system interaction. This approach may help people to understand risk of human-system interaction failure characteristics and their countermeasures.

Convention on International Interests in Mobile Equipment

  • Suk, Kwang-Hyun
    • THE INTERNATIONAL COMMERCE & LAW REVIEW / v.13 / pp.69-81 / 2000
  • Under the co-sponsorship of UNIDROIT and I.C.A.O., a preliminary draft Convention on International Interests in Mobile Equipment and a preliminary draft Protocol on Matters Specific to Aircraft Equipment have been prepared. The purpose of the Convention is to provide for the creation and effect of a new international interest in mobile equipment. The Convention's approach is quite novel in that it purports to create an international interest based upon the convention itself. The Convention is intended to be supplemented by Protocols, each of which is intended to provide equipment-specific rules necessary to adapt the rules of the Convention to fit the special pattern of financing for different categories of equipment. To date, two sessions of governmental experts were held in Rome and Montreal. Korean delegations attended the two sessions. One of the members of the Korean delegation published a report on the first session. He expressed his objection to the so called self-help remedy contemplated by the current preliminary draft of the Convention which enables the holder of a security interest to repossess and dispose of the subject of the security interest by private sale rather than public auction on the occurrence of an event of default of the debtor. His view is based upon his understanding that under Korean law, the only remedy available to the holder of a security interest in mobile equipment, such as an airplane, is to apply to the competent court for a public auction. In my view, his understanding is not quite correct and is inconsistent with the current practice in Korea. Under Korean law, the parties' agreement for private sale is in principle valid unless there is an interested party who has acquired a security interest after the creation of the prior security interest or a creditor who has caused the subject of the security interest to be attached by a competent court. In this article, I discuss the current Korean law and practice relating to the enforcement of security interests by private sale in more detail.


Financing the Commercialisation of Green Innovation

  • Park, Jeongwon;Jeong, Changhyun
    • STI Policy Review / v.4 no.1 / pp.94-118 / 2013
  • Innovation plays a large role in green growth. While it is a widely accepted view that, without innovation, it would be very difficult and costly to address major environmental issues, innovation itself tends to be constrained by limited access to eco-financing and is inherently risky, often requiring a long-term horizon. Although global consensus is more or less established as to the urgency and necessity of accelerating green innovation, the quality and quantity of financing in this area is largely insufficient, with increasing funding gaps in many countries. A new financial mechanism is urgently needed in order to re-orient financial flow and enable innovators to overcome the valleys of death that occur throughout the innovation cycle. A number of different modalities exist in financing the commercialisation of eco-innovation. Existing mechanisms have not been as successful as expected, revealing critical limits to furthering certain types of projects that are essential for economic and environmental progress. Experts' estimations have shown that the funding gap will widen in the coming years as demand for clean energy and green infrastructure rises, and as green technologies and innovation develop faster than the market for it can develop. Against this backdrop, the main purpose of this research is threefold: to identify issues and problems regarding current means of funding for eco-innovation and green projects; to provide insight into securing long-term green financing by looking at European cases; and ultimately to suggest policy implications for designing and implementing eco-specific financial instruments, focusing on governments' roles in sustainable financing for eco-innovation. This study analyses different models of financing mechanisms, a mix of public and private funds, in view of suggesting conditions for the sustainable financing of green projects, especially for large-scale high-risk projects. Based on the findings from the analyses of mechanisms and the shortcomings of the existing funding modalities, this study ultimately suggests policy implications for effectively supporting the commercialisation of eco-innovation.