• Convergence Security Journal
• /
• v.8 no.4
• /
• pp.41-49
• /
• 2008

VoIP is a service that changes the analogue audio signal into a digital signal and then transfers the audio information to the users after configuring it as a packet; and it has an advantage of lower price than the existing voice call service and better extensibility. However, VoIP service has a system structure that, compared to the existing PSTN (Public Switched Telephone Network), has poor call quality and is vulnerable in the security aspect. To make up these problems, TLS service was introduced to enhance the security. In practical system, however, since QoS problem occurs, it is necessary to develop the VoIP security system that can satisfy QoS at the same time in the security aspect. In this paper, a user authentication VoIP system that can provide a service according to the security and the user through providing a differential service according to the approach of the users by adding AA server at the step of configuring the existing VoIP session is suggested. It was found that the proposed system of this study provides a quicker QoS than the TLS-added system at a similar level of security. Also, it is able to provide a variety of additional services by the different users.

• The Korean Journal of Rehabilitation Nursing
• /
• v.16 no.1
• /
• pp.37-46
• /
• 2013

Purpose: This study was to identify the effects of a nurse-led education program using computerized animation video for post-operative colon cancer patients. Methods: a total of 163 patients and 51 nurses were participated in this study. With a non-equivalent control group post-test design, patients were divided into three groups (77 got traditional education, 46 were applying brochure, 40 were watching video). Twelve-item animation video and brochure about the management after discharge for post-operative colon cancer patients were developed based on patient survey and the items of Korea Healthcare Accreditation. Results: The computerized video watching group had better satisfaction than the others, but there was no significant difference about comprehension. When video was applied, satisfaction, usefulness, application, and perceived patients' comprehension of nurses were all increased. Conclusion: This video education program was developed by nurses and it had a special thing for patient to access the same program even after discharge using the authorization system. It would be helpful for nurses to be more concentrated on the direct care for hospitalized patients as well as for patients to provide self-care at home. This program would be adjusted into more various diseases and settings.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• v.2
• /
• pp.33-37
• /
• 2006

Since 1993, the civil aviation community through RTCA (Radio Technical Commission for Aeronautics) and the ICAO (International Civil Air Navigation Organization) have been working on the definition of GNSS augmentation systems that will provide improved levels of accuracy and integrity. These augmentation systems have been classified into three distinct groups: Aircraft Based Augmentation Systems (ABAS), Space Based Augmentation Systems (SBAS) and Ground Based Augmentation Systems (GBAS). The last one is an implemented system to support Air Navigation in CAT-I approaching operation. It consists of three primary subsystems: the GNSS Satellite subsystem that produces the ranging signals and navigation messages; the GBAS ground subsystem, which uses two or more GNSS receivers. It collects pseudo ranges for all GNSS satellites in view and computes and broadcasts differential corrections and integrity-related information; the Aircraft subsystem. Within the area of coverage of the ground station, aircraft subsystems may use the broadcast corrections to compute their own measurements in line with the differential principle. After selection of the desired FAS for the landing runway, the differentially corrected position is used to generate navigation guidance signals. Those are lateral and vertical deviations as well as distance to the threshold crossing point of the selected FAS and integrity flags. The Department of Applied Science in Naples has create for its study a virtual GBAS Ground station. Starting from three GPS double frequency receivers, we collect data of 24h measures session and in post processing we generate the GC (GBAS Correction). For this goal we use the software Pegasus V4.1 developed from EUROCONTROL. Generating the GC we have the possibility to study and monitor GBAS performance and integrity starting from a virtual functional architecture. The latter allows us to collect data without the necessity to found us authorization for the access to restricted area in airport where there is one GBAS installation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1103-1113
• /
• 2020

Hospitals store and manage personal and health information through the electronic medical record (EMR). However, vulnerabilities and threats are increasing with the provision of various services for information sharing in hospitals. Therefore, in this paper, we propose a model to prevent personal information leakage due to the transmission of patient information in EMR. A method for granting permission to securely receive and transmit patient information from hospitals where patient medical records are stored is proposed using OAuth authorization tokens. A protocol was proposed to enable secure information delivery by applying and delivering the record access restrictions desired by the patient to the OAuth Token. OAuth Delegation Token can be delivered by writing the authority, scope, and time of destruction to view patient information.This prevents the illegal collection of patient information and prevents the leakage of personal information that may occur during the delivery process.

• Health Policy and Management
• /
• v.4 no.1
• /
• pp.138-175
• /
• 1994

The objectives of this study are (i) to review current situations and problems of the occupational health care system with emphasis on reforming the organizations and services, (ii) to find out a disirable occupational health system model based on integration of the occupational health system and the general health system, and finally, (iii) to suggest policy implications in occupational health services in the light of objectives of the newly emerging national health insurance reform in Korea. The major policy implications of this study are as follows: 1. In the long-run, within the occupational health system, preventive occupational health services such as employees' physical check-up, working environment examination, etc should financially be integrated with industrial accident compensation insurance. Currently separately paying expenses for each different category of services by the owner of an enterprise should be disbursed once through the payment of contributions of industrial accident compensation insurance. And then, it is necessary to strengthen and expand the role and function of industrial accident compensation insurance to cover preventive occupational health services. 2. The occupational health system should be integrated with general health system for its effective management. For the short-term policy, it is necessary to eliminate fiscal and access barrier between industrial accident compensation insurance and national health insurance by means of ex post facto settlement of accounts. The duplication of employees' physical check- ups between under the health insurance program and under the industrial health services must be coordinated in a manner either through mutual authorization by the two parties concerned or through merge into the health insurance. 3. The intent of current employees' physical check-up system focused on detection of occupational diseases, should be converted to an idea of medical surveillance system or biological moritoring system. The introduction of medical surveillance or biological monitoring system is a necessary condition to build a positive, effective and inexpensive occupational health care system.

• Journal of Internet Computing and Services
• /
• v.21 no.4
• /
• pp.25-34
• /
• 2020

In the current medical information system, a system environment is constructed in which Biometric data generated by using IoT or medical equipment connected to a patient can be stored in a medical information server and monitored at the same time. Also, the patient's biometric data, medical information, and personal information after simple authentication using only the ID / PW via the mobile terminal of the medical staff are easily accessible. However, the method of accessing these medical information needs to be improved in the dimension of protecting patient's personal information, and provides a quick authentication system for first aid. In this paper, we implemented an automatic authentication system based on the patient's situation and evaluated its performance. Patient's situation was graded into normal and emergency situation, and the situation of the patient was determined in real time using incoming patient biometric data from the ward. If the patient's situation is an emergency, an emergency message including an emergency code is send to the mobile terminal of the medical staff, and they attempted automatic authentication to access the upper medical information of the patient. Automatic authentication is a combination of user authentication(ID/PW, emergency code) and mobile terminal authentication(medical staff's role, working hours, work location). After user authentication, mobile terminal authentication is proceeded automatically without additional intervention by medical staff. After completing all authentications, medical staffs get authorization according to the role of medical staffs and patient's situations, and can access to the patient's graded medical information and personal information through the mobile terminal. We protected the patient's medical information through limited medical information access by the medical staff according to the patient's situation, and provided an automatic authentication without additional intervention in an emergency situation. We performed performance evaluation to verify the performance of the implemented automatic authentication system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.5-14
• /
• 2017

Many web services which use OAuth Protocol offer users to log in using their personal profile information given by resource servers. This method reduces the inconvenience of the users to register for new membership. However, at the time a user finishes using OAuth client web service, even if he logs out of the client web service, the resource server remained in the login state may cause the problem of leaking personal information. In this paper, we propose a solution to mitigate the threat by providing an additional security behavior check: when a user requests to log out of the Web Client service, he or she can make decision whether or not to log out of the resource server via confirmation notification regarding the state of the resource server. By utilizing the proposed method, users who log in through the OAuth Protocol in the public PC environment like department stores, libraries, printing companies, etc. can prevent the leakage of personal information issues that may arise from forgetting to check the other OAuth related services. To verify our study, we implement a Client Web Service that uses OAuth 2.0 protocol and integrate it with our security behavior check. The result shows that with this additional function, users will have a better security when dealing with resource authorization in OAuth 2.0 implementation.

• Journal of KIISE:Information Networking
• /
• v.35 no.4
• /
• pp.345-354
• /
• 2008

Recently, small-scale mobile network which is composed of many mobile devices in a man becomes popular. Also, Examples of large-scale mobile network can be thought access networks deployed on public transportation such as ships, trains and buses. To provide seamless mobility for mobile nodes in this mobile network, binding update messages must be exchanged frequently. However, it incurs network overhead increasingly and decreases energy efficiency of mobile router. If we try to reduce the number of the messages to cope with the problem, it may happen the security -related problems conversely Thus, mobile router needs a effective algorithm to update location information with low cost and to cover security problems. In this paper, mobility management scheme based on mobile router's mobility pattern is proposed. Whenever each mobile router leaves a visiting network, it records related information as moving log. And then it periodically computes mean resident time for all visited network, and saves them in the profile. If each mobile router moves into the visited network hereafter, the number of binding update messages can be reduced since current resident time may be expected based on the profile. At this time, of course, security problems can happen. The problems, however, are solved using key credit, which just sends some keys once. Through extensive experiments, bandwidth usages are measured to compare binding update messages in proposed scheme with that in existing scheme. From the results, we can reduce about 65% of mobility-management-related messages especially when mobile router stays more than 50 minutes in a network. Namely, the proposed scheme improves network usage and energy usage of mobile router by decreasing the number of messages and authorization procedure.

• Smart Media Journal
• /
• v.9 no.1
• /
• pp.60-66
• /
• 2020

In this paper, the FIDO (Fast IDentity Online) transaction certification platform was proposed for applying the DID (Decentralized ID) of blockchain with home shopping channels to the IPTV service providers based on the Remocon (Remote Control). In this case, the DID based smart remocon applies biometric identification techniques for personal identification. These individual DID smart remote controls apply distributed ID blockchain, enabling home shopping viewers to conduct reliable ratings surveys through the detection of channel changed information. In addition, this smart remocon utilizes the product purchased information history on home shopping channels, allowing IPTV's home shopping viewers to compare the same broadcasted production information on all channels by blockchain technique and their production characteristics. IPTV service providers can process home shopping order/authorization informations in one-stop service via a number of home shopping broadcasting companies, and DID smart remote controls for home shopping viewers with the checking results of their real-time online access to confirm the FIDO2.0 transaction certification homepage. Thus, the FIDO transaction authentication platforms of IPTV service provider(Telecommunication company) can be expected to improve the benefits of home shopping customers, and to reduce the broadcasting companies' burden of payment, too.

• Journal of Korean Society of Archives and Records Management
• /
• v.13 no.3
• /
• pp.151-171
• /
• 2013

To comprehend the importance and necessity of record management metadata standard implemented in an electronic medical records system, a survey was undertaken to 50 medical records managers in charge of 5 major hospitals in Seoul. Analysis of the survey results was performed by averaging the responses given by those who answered the survey. SPSS was utilized for statistical analysis. Managers of medical records placed importance on metadata that are related to security of records, such as "levels of security", "types of access to medical records", "levels of authorization granted to personnel", and "users accessing medical records". It shows that these managers need the functions of privacy protection in ERMS. Metadata on "external disclosure" had the lowest level but those surveyed with more than 7 years of experience placed greater importance in this area more those surveyed with less than 7 years of experience in a hospital. This shows that managers need the functions of external disclosure to meet the needs of third partiesfor medical research and medical education.