• Title/Summary/Keyword: Information Breach

Secure Query Processing against Encrypted XML Data Using Query-Aware Decryption (질의-인식 복호화를 사용한 암호화된 XML데이타에 대한 안전한 질의 처리)

  • Lee Jae-Gil;Whang Kyu-Young
    • Journal of KIISE:Databases / v.32 no.3 / pp.243-253 / 2005
  • Dissemination of XML data on the internet could breach the privacy of data providers unless access to the disseminated XML data is carefully controlled. Recently, methods using encryption have been proposed for such access control. However, in these methods, the performance of processing queries has not been addressed. A query processor cannot identify the contents of encrypted XML data unless the data are decrypted. This limitation incurs the overhead of decrypting the parts of the XML data that would not contribute to the query result. In this paper, we propose the notion of query-aware decryption for efficient processing of queries against encrypted XML data. Query-aware decryption allows us to decrypt only those parts that would contribute to the query result. For this purpose, we disseminate an encrypted XML index along with the encrypted XML data. This index, when decrypted, informs us where the query results are located in the encrypted XML data, thus preventing unnecessary decryption of other parts of the data. Since the size of this index is much smaller than that of the encrypted XML data, the cost of decrypting this index is negligible compared with that of unnecessary decryption of the data itself. The experimental results show that our method improves the performance of query processing by up to 6 times compared with those of existing methods. Finally, we formally prove that dissemination of the encrypted XML index does not compromise security.

New Security Approaches for SSL/TLS Attacks Resistance in Practice (SSL/TLS 공격에 대한 신규 대응 방안)

  • Phuc, Tran Song Dat;Lee, Changhoon
    • The Journal of Society for e-Business Studies / v.22 no.2 / pp.169-185 / 2017
  • Juliano Rizzo and Thai Duong, the authors of the BEAST attack [11, 12] on SSL, have proposed a new attack named CRIME [13], which stands for Compression Ratio Info-leak Made Easy. CRIME exploits how data compression and encryption interact to discover secret information about the underlying encrypted data. Repeating this method allows an attacker to eventually decrypt the data and recover HTTP session cookies. This security weakness targets SPDY and SSL/TLS compression. The attack becomes effective because the attacker is able to choose different input data and observe the length of the encrypted data that comes out. Since Transport Layer Security (TLS) ensures integrity of data transmitted between two parties (server and client) and provides strong authentication for both parties, in the last few years there has been a wide range of attacks on SSL/TLS which have exploited various features in the TLS mechanism. In this paper, we will discuss CRIME and other versions of SSL/TLS attacks along with countermeasures and implementations. We also present direction for SSL/TLS attacks resistance in practice.

The Current Status of the Warsaw Convention and Subsequent Protocols in Leading Asian Countries (아시아 주요국가(主要國家)들에 있어서의 바르샤바 체제(體制)의 적용실태(適用實態)와 전망(展望))

  • Lee, Tae-Hee
    • The Korean Journal of Air & Space Law and Policy / v.1 / pp.147-162 / 1989
  • The current status of the application and interpretation of the Warsaw Convention and its subsequent Protocols in Asian countries is in its fledgling stages compared to the developed countries of Europe and North America, and there is thus little published information about the various Asian governments' treatment and courts' views of the Warsaw System. Due to that limitation, the accent of this paper will be on Korea and Japan. As one will be aware, the so-called 'Warsaw System' is made up of the Warsaw Convention of 1929, the Hague Protocol of 1955, the Guadalajara Convention of 1961, the Guatemala City Protocol of 1971 and the Montreal Additional Protocols Nos. 1, 2, 3 and 4 of 1975. Among these instruments, most of the countries in Asia are parties to both the Warsaw Convention and the Hague Protocol. However, the Republic of Korea and Mongolia are parties only to the Hague Protocol, while Burma, Indonesia and Sri Lanka are parties only to the Warsaw Convention. Thailand and Taiwan are not parties only to the convention or protocol. Among Asian states, Indonesia, the Philippines and Pakistan are also parties to the Guadalajara Convention, but no country in Asia has signed the Guatemala City Protocol of 1971 or the Montreal Additional Protocols, which Protocols have not yet been put into force. The People's Republic of China has declared that the Warsaw Convention shall apply to the entire Chinese territory, including Taiwan. 'The application of the Warsaw Convention to one-way air carriage between a state which is a party only to the Warsaw Convention and a state which is a party only to the Hague Protocol' is of particular importance in Korea as it is a signatory only to the Hague Protocol, but it is involved in a great deal of air transportation to and from the United States, which in turn is a party only to the Warsaw Convention. The opinion of the Supreme Court of Korea appears to be that parties to the Warsaw Convention were intended to be parties to the Hague Protocol, whether they actually signed it or not. The effect of this decision is that in Korea the United States and Korea will be considered by the courts to be in a treaty relationship, though neither State is a signatory to the same instrument as the other State. The first wrongful death claim in Korea related to international carriage by air under the Convention was made in the Hyun-Mo Bang, et al v. Korean Air Lines Co., Ltd. case. In this case, the plaintiffs claimed for damages based upon breach of contract as well as upon tort under the Korean Civil Code. The issue in the case was whether the time limitation provisions of the Convention should be applicable to a claim based in tort as well as to a claim based in contract. The Appellate Court ruled on 29 August 1983 that 'however founded' in Article 24(1) of the Convention should be construed to mean that the Convention should be applicable to the claim regardless of whether the cause of action was based in tort or breach of contract, and that the plaintiffs' rights to damages had therefore extinguished because of the time limitation as set forth in Article 29(1) of the Convention. The difficult and often debated question of what exactly is meant by the words 'such default equivalent to wilful misconduct' in Article 25(1) of the Warsaw Convention has also been litigated. The Supreme Court of Japan dealt with this issue in the Suzuki Shinjuten Co. v. Northwest Airlines Inc. case. The Supreme Court upheld the Appellate Court's ruling, and decided that 'such default equivalent to wilful misconduct' under Article 25(1) of the Convention was within the meaning of 'gross negligence' under the Japanese Commercial Code. The issue of the conversion of the 'franc' into national currencies as provided in Article 22 of the Warsaw Convention as amended by the Hague Protocol has been raised in a court case in Korea, which is now before the District Court of Seoul. In this case, the plaintiff argues that the gold franc equivalent must be converted into Korean Won in accordance with the free market price of gold in Korea, as Korea has not enacted any law, order or regulation prescribing the proper method of calculating the equivalent in its national currency. While it is unclear if the court will accept this position, the last official price of gold of the United States as in the famous Franklin Mint case, Special Drawing Right (SDR) or the current French franc, Korean Air Lines has argued in favor of the last official price of gold of the United States by which the air lines converted such francs into US Dollars in their General Conditions of Carriage. It is my understanding that in India, an appellate court adopted the free market price valuation. There is a report as well saying that if a lawsuit concerning this issue were brought in Pakistan, the free market cost of gold would be applied there too. Speaking specifically about the future of the Warsaw System in Asia, though I have been informed that Thailand is actively considering acceding to the Warsaw Convention, the attitudes of most Asian countries' governments towards the Warsaw System are still not well known. There is little evidence that Asian countries are moving to deal concretely with the conversion of the franc into their own local currencies. So too it cannot be said that they are on the move to adhere to the Montreal Additional Protocols Nos. 3 & 4 which attempt to basically solve many of the current problems with the Warsaw System, by adopting the SDR as the unit of currency, by establishing the carrier's absolute liability and an unbreakable limit and by increasing the carrier's passenger limit of liability to SDR 100,000, as well as permitting the domestic introduction of supplemental compensation. To summarize my own sentiments regarding the future, I would say that given the fact that Asian air lines are now world leaders both in overall size and rate of growth, and the fact that both Asian individuals and governments are becoming more and more reliant on the global civil aviation networks as their economies become ever stronger, I am hopeful that Asian nations will henceforth play a bigger role in ensuring the orderly and hasty development of a workable unified system of rules governing international commercial air carriage.

A Study of Domain Name Disputes Resolution with the Korea-U.S. FTA Agreement (한미자유무역협정(FTA)에 따른 도메인이름 분쟁해결의 개선방안에 관한 연구)

  • Park, Yu-Sun
    • Journal of Arbitration Studies / v.17 no.2 / pp.167-187 / 2007
  • As Korea has reached a free trade agreement with the United States of America, it is required to provide an appropriate procedure for ".kr" domain name disputes based on the principles established in the Uniform Domain Name Dispute Resolution Policy (UDRP). Currently, the Internet Address Dispute Resolution Committee (IDRC) established under Article 16 of the Act on Internet Address Resources provides the dispute resolution proceedings to resolve ".kr" domain name disputes. While the IDRC's proceeding is similar to the UDRP administrative proceeding in procedural aspects, the Domain Name Dispute Mediation Policy that is established by the IDRC and that applies to disputes involving ".kr" domain names is very different from the UDRP for generic Top Level Domain (gTLD) in substantial aspects. Under the Korea-U.S. Free Trade Agreement (KORUS FTA), it is expected that either the Domain Name Dispute Mediation Policy to be amended to adopt the UDRP or the IDRC to examine the Domain Name Dispute Mediation Policy in order to harmonize it with the principles established in the UDRP. It is a common practice of cybersquatters to warehouse a number of domain names without any active use of these domain names after their registration. The Domain Name Dispute Mediation Policy provides that the complainant may request to transfer or delete the registration of the disputed domain name if the registrant registered, holds or uses the disputed domain name in bad faith. This provision lifts the complainant's burden of proof to show the respondent's bad faith because the complainant is only required to prove one of the three bad faiths, which are registration in bad faith, holding in bad faith, or use in bad faith. The aforementioned resolution procedure is different from the UDRP regime, which requires the complainant, in compliance with paragraph 4(b) of the UDRP, to prove that the disputed domain name has been registered in bad faith and is being used in bad faith. Therefore, the complainant carries a heavy burden of proof under the UDRP. The IDRC should deny the complaint if the respondent has legitimate rights or interests in the domain names. Under the UDRP, the complainant must show that the respondent has no rights or legitimate interests in the disputed domain name. The UDRP sets out three illustrative circumstances, any one of which, if proved by the respondent, shall be evidence of the respondent's rights to or legitimate interests in the domain name. As the Domain Name Dispute Mediation Policy provides only a general provision regarding the respondent's legitimate rights or interests, the respondent can be placed in a very weak foundation to be protected under the Policy. It is therefore recommended for the IDRC to adopt the three UDRP circumstances to guide how the respondent can demonstrate his/her legitimate rights or interests in the disputed domain name. In accordance with the KORUS FTA, the Korean Government is required to provide online publication to a reliable and accurate database of contact information concerning domain name registrants. Cybersquatters often provide inaccurate contact information or willfully conceal their identity to avoid objection by trademark owners. It may cause unnecessary and unwarranted delay of the administrative proceedings. The respondent may lose the opportunity to assert his/her rights or legitimate interests in the domain name due to inability to submit the response effectively and timely. The respondent could breach a registration agreement with a registrar which requires the registrant to submit and update accurate contact information. The respondent may be reluctant to disclose his/her contact information on the Internet, citing privacy rights and protection. This is however debatable as the respondent may use the proxy registration service provided by the registrar to protect the respondent's privacy.

Whether to put on Criminal convictions on the medical examination records prepared by medical personnels - Sentenced by November 24, 2005, by The Supreme Court, Precedent case no. 2002DO4758 - (의료인의 진료기록부 등 허위작성시 형사처벌 가부 - 대법원 2005. 11. 24. 선고 2002도4758 판결 -)

  • Park, Kyong-Chun
    • The Korean Society of Law and Medicine / v.8 no.1 / pp.107-135 / 2007
  • In preparation of the medical examination records, the failure to correctly write the taken medical behaviors on the medical examination records, is subject to criminal conviction due to the breach of the Article 21-1. The false or overstated writings on the medical examination records is subject to the same punishment due to the Article 21-1, which additionally may lead to the administrative measures such as the suspension of license according to Article 53-1. The interpretation is considered as proper in light of the function of the medical examination records, hazard to the patients, and the doctors' ethics. In light of the attitude of The Supreme Court for the preparation obligation of the medical examination records specified in the medical law Article 21-1 (Purport: The doctors may continue to use their opinions on the patient's status and treatment process on the medical examination records, may provide the proper information to other medical staff, and ought to specify the details enough to decide the appropriateness of such medical behaviors after the recent treatment.), the false writings of the doctors on the medical examination records of the non-treated patient as faithfully treated one during the entire period before the present hospitalization, will be regarded as the fulfillment obligation of the preparation of the medical examination records in the medical law Article 21-1.

Standards of Due Diligence and Separation of Responsibilities in the Division of Labor in Medicine (분업적 의료행위에 있어서 주의의무위반 판단기준과 그 제한규칙들)

  • Choi, Hojin
    • The Korean Society of Law and Medicine / v.19 no.2 / pp.41-72 / 2018
  • In the division of labor (or teamwork) in medicine, the responsibility of medical and nursing staff should be separated or distributed to justify negligent criminal offenses. The present work refers to the standards by which the due diligence and responsibility of the individual persons are to be determined and delimited. In this context, it has been proven that objective theory as a measure of due diligence is appropriate. From a moral point of view, when assessing due diligence, it makes sense to impose greater individual or higher performance demands on the perpetrator, but law and order require that due diligence should result from socially relevant human behavior. To give objective measure of negligence and to provide the highest level of personal responsibility, so that man cannot be burdened too much responsibility and it is accordingly with an equality theorem. Afterwards some points are presented, which should be considered in a concrete fact in the determination of the medical negligence. Medical action has specific characteristics such as professionalism, discretionary and exclusive, unbalance of information. These characteristics distinguish medical actions from general negligence. The general level of knowledge, the urgency, working condition and working environment of the medical facility, duration of the professional practice, assessment of the medical activity are crucial in this context. As a standard of delineation of due diligence, I have used the permitted risk and the principle of trust. In the horizontal division of labor, the principle of trust applies. The principle of trust applies in principle in cases of division of labor interaction, when doctors in the same hospital exercise their own specific occupational field or everyone works in another hospital. However, this is not true for every case. In the vertical division of labor, the principle of trust does not apply and the senior physician cannot trust the assistant doctors. In this case, the principle of trust is converted into a duty of supervision for assistant doctors by the senior physician. This supervision requirement could be used as a random check.

Liabilities of Air Carrier Who Sponsored Financially Troubled Affiliate Shipping Company (항공사(航空社)의 부실 계열 해운사(海運社) 지원에 따른 법적 책임문제)

  • Choi, June-Sun
    • The Korean Journal of Air & Space Law and Policy / v.32 no.1 / pp.177-200 / 2017
  • This writer has thus far reviewed the civil and criminal obligations of the directors of a parent company that sponsored financially troubled affiliates. What was discussed here applies to logistics companies in the same manner. Hanjin Shipping cannot expect its parent company, Korean Air, to prop it up financially. If such financial aid is offered without any collateral, under Korean criminal law, the directors of the parent company bear the burden of civil and criminal responsibility. One way to get around this is to secure fairness in terms of the process and the content of aid. Fairness in terms of process refers to the board of directors making public all information and approving such aid. Fairness in terms of content refers to impartial transactions that block out any possibilities of the chairman of the corporate group acting in his private interest. In the case of Korean Air bailing out Hanjin, the meetings of the board of directors were held five times and a thorough review was conducted on the risks involved in the loans being repaid or not. After the review, measures to guard against undesirable scenarios were established before finally deciding on bailing out Hanjin. As such, there are no issues. In terms of the fairness of content, too, there was practically no room for the majority shareholder or controlling shareholder to pocket profits at the expense of the company. This is because the continued aid offered to a financially troubled company (i.e. Hanjin Shipping) was posing a burden to even the controlling shareholder. This writer argues that the concept of the interest of the entire corporate group needs to be recognized. That is, it must be recognized that the relationship of control and being controlled between parent company and affiliate company, or between affiliate companies, serves a practical benefit to the ongoing concern and growth of the group and is therefore just. Moreover, the corporate group and its affiliates, as well as their directors and management, must recognize that they have an obligation to prioritize the interests of the corporate group ahead of the interests of the company that they are directly associated with. As such, even if Korean Air offered a loan to Hanjin Shipping without collateral, the act cannot be treated as an offense to law, nor can the directors be accused of damages that they bear the responsibility of compensating under civil law.
