• Journal of the Korea Society of Computer and Information
• /
• v.24 no.1
• /
• pp.217-224
• /
• 2019

The intelligent robot industry is a complex which encompasses all fields of science and technology, and its marketability and industrial impact are remarkable. Major countries in the world have been strengthening their policies to foster the intelligent robot industry, but discussions on liability issues and legal actions that are accompanied by the related big or small accidents are still insufficient. In this study, therefore, the patent law by artificial intelligence robots and the legislation for relevant legal actions at the criminal law level are presented. Patent law legislation by artificial intelligence robots should comply with the followings. First, the electronic human being other than humans ought to be given legal personality, which is the subject of patent infringement. Even if artificial intelligence has legal personality, legal responsibility will be varied depending on the judgment of whether the accident has occurred due to the malfunction of the artificial intelligence itself or due to the human intervention with malicious intention. Second, artificial intelligence as a subject of actors and responsibility should be distinguished strictly; in other words, the injunction is the responsibility of the intelligent robot itself, but the financial repayment is the responsibility of the owner. In the criminal law legislation, regulations for legal punishment of intelligent robot manufacturing companies and manufacturers should be prepared promptly in case of legal violation, by amending the scope of application of Article 47 (Penal Provisions) of the Intelligent Robots Development and Distribution Promotion Act. In this way, joint penal provisions, which can clearly distinguish the responsibilities of the related parties, should be established to contribute to the development of the fourth industrial revolution.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.3
• /
• pp.13-29
• /
• 2005

An important characteristic of role-based access control model(RBAC) is that by itself it is policy neutral. This means RBAC articulates security policy without embodying particular security policy. Because of this reason, there are several researches to configure RBAC to enforce traditional mandatory access control(MAC) policy and discretionary access control(DAC) policy. Specifically, to simulate MAC using RBAC several researches configure a few RBAC components(user, role, role-hierarchy, user-role assignment and session) for keeping no-read-up rule and no-write-down rule ensuring one-direction information flow from low security level to high security level. We show these researches does not ensure confidentiality. In addition, we show the fact that these researches overlook violation of integrity due to some constraints of keeping confidentiality. In this paper we propose a RBAC model satisfying both confidentiality and integrity. We reexamine a few RBAC components and constructs additional constraints.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.143-148
• /
• 2007

In the context of mass traffic, firewall system cannot record normal log files against DDoS attack. The loss of log record causes that a firewall system does not know whether a packet is normally filtered or not, and firewall log, which is an essential data for the counter measure of violation accident, cannot be verified as trusted. As a network speed increases, these problems happen more frequently and largely. Accordingly, the method to use simply additional hardware devices is not recommended for the popularization of firewall. This paper is devoted to verify the loss of iptable log that is the mother's womb of most domestic firewall systems and show that the log handling methods for conventional firewall systems are needed to improve.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.167-174
• /
• 2008

As both a digital camera and a digital camcorder are popularized in recent years, UCC created by general users is also popularized. Unfortunately, according to that, the lack of privacy is also increasing more and more. The UCC is saved on the recordable media(Media) like DVD and deposited personally as well as distributed through Internet portal service. If you use Internet portal service to put up your contents, you can partially prevent the violation of privacy using security technologies such as authentication and illegal copy protection offered by internet portal service providers. Media also has technologies to control illegal copy. However, it is difficult to protect your privacy if your Media having personal contents is stolen or lost. Therefore, it is necessary to develope an additional security mechanism to guarantee privacy protection when you use Media. In this paper, we describe AACS framework for Media Security and propose improved AACS framework to control the access to personal contents saved on Media.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.37-45
• /
• 2003

Role-based Access Control(RBAC) model has advantage of easy management of access control with constraints such as permission inheritance and separation of duty in role hierarchy. However, previous RBAC studies could not properly reflect the real-world organization structure with its role hierarchy. User who is a member of senior role can perform all permissions because senior role inherits all permissions of junior roles in the role hierarchy. Therefore there is a possibility for senior role members to abuse permissions due to violation of the least privilege principle. In this paper, we present a new model of role hierarchy, which restricts the unconditional permission inheritance. In the proposed model, a role is divided into sub roles(unconditional inheritance. restricted inheritance, private role), keeping organization structure in corporate environment. With restricted inheritance, the proposed model prevents permission abuse by specifying the degree of inheritance in role hierarchy.

• The Journal of the Korea Contents Association
• /
• v.21 no.6
• /
• pp.19-34
• /
• 2021

The aim of this study is verifying the effects of chatbot's error types and structures of error message on attitude, behavior intention towards the chatbot and perceived usability of the chatbot. The error types of chatbot are divided into 'experience' error and 'agency' error, which set different expectancy level, according to mind perception theory. The structures of error message were either unstructured condition composed of error specification only or structured condition composed of apology, explanation and willingness of improvement. It was found that score of perceived usability was higher in experience error condition than agency error condition. Also, all three scores of dependent variables were higher in structured error message condition than unstructured error message condition. Furthermore, expectation gap of experience didn't predict the dependent variables but expectation gap of agency predicted all three dependent variables. Finally, the tendency of interaction effect between the error type and the structure of the error message on expectation gap of agency was observed. This study confirmed the mitigating effect of structured error messages and the possibility that these effects may vary by the type of error. The result is expected to be applicable to design of error coping strategies that enhance user experience.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.291-307
• /
• 2021

There has been global efforts to prevent the further spread of the COVID-19 and get society back to normal. 'Contact tracing' is a crucial way to detect the infected person. However the contact tracing makes another concern about the privacy violation of the personal data of infected people, released by governments. Therefore Google and Apple are announcing a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design. However, in order to provide the improved tracing application, it is necessary to identify potential security threats and investigate vulnerabilities for systematically. In this paper, we provide security analysis of Privacy-Preserving COVID-19 Contact Tracing App with STRIDE and LINDDUN threat models. Based on the analysis, we propose to adopt a verifiable computation scheme, Zero-knowledge Succinctness Non-interactive Arguments of Knowledges (zkSNARKs) and Public Key Infrastructure (PKI) to ensure both data integrity and privacy protection in a more practical way.

• The Journal of Korean Institute of Information Technology
• /
• v.17 no.5
• /
• pp.105-116
• /
• 2019

Most of the public and private buildings in Korea are installing CCTV for crime prevention and follow-up action, insider security, facility safety, and fire prevention, and the number of installations is increasing each year. In the questionnaire conducted on the increasing CCTV, many reactions were positive in terms of the prevention of crime that could occur due to the installation, rather than negative views such as privacy violation caused by CCTV shooting. However, CCTV poses a lot of privacy risks, and when the image data is collected using the cloud, the personal information of the subject can be leaked. InseCam relayed the CCTV surveillance video of each country in real time, including the front camera of the notebook computer, which caused a big issue. In this paper, we introduce a system to prevent leakage of private information and enhance the security of the cloud system by processing the privacy technique on image information about a subject photographed through CCTV.

• Journal of Arbitration Studies
• /
• v.32 no.1
• /
• pp.43-69
• /
• 2022

In the case of the United States, which has the same provision as Article 10 of the Federal Arbitration Act, a contract may be exceptionally validated if the parties have clearly concluded the contract to expand the grounds for vacating awards in an arbitration agreement. It is possible that the parties create the grounds for vacating that is not stipulated in the statue by clear agreement. However, it remains the issues when this contract is valid. If we investigate the grounds for setting aside as discussed in this paper, in cases ① where an arbitrator failed to apply the substantive law expressly designated by the parties without a good reason; ② where there was a serious error in the application of the substantive law; ③ where an arbitrator decided under ex aequo et bono despite the parties explicitly designated the substantive law, the parties may bring an action for annulment of arbitral awards in court according to their agreement to expand the grounds for vacating the awards. It is important enough to change the rights and obligations of the parties for them whether or not the substantive law of the arbitration was applied. With Regard to the contract to expand the grounds for setting aside the awards in arbitration agreement, there are still issues how to handle the case where the parties have not designated the substantive law, and the validity of a contract to expand the grounds for vacating on reasons other than violation of law application, and relations with Article 5 of the Convention on the Recognition and Enforcement of Foreign Arbitral Awards, where the misapplication of the law does not stipulated as the grounds for refusal to recognize and enforce the foreign arbitral award, and so on.

• Journal of the Korea Safety Management & Science
• /
• v.24 no.2
• /
• pp.41-50
• /
• 2022

The food delivery platform labor market has been continuing to grow rapidly in Korea, which resulted in traffic accident increases of delivery riders. To prevent traffic accidents while delivery, this study conducted a survey for 462 delivery riders and analyzed the statistical relationships of delivery characteristics and risk perception with delivery accidents. The results of this study revealed that riders with young age (20s: 46.6%) and/or low delivery experience (less than 1 year: 50.6%) had significantly higher proportion of accident experience than other age groups (over 40s: 36.2%) and high delivery experience (more than 2 years: 36.4%). In addition, side job riders (61.5%) showed significantly higher proportion of accident experience than main job riders (39.1%). The riders with accident experience had more number of deliveries per hour (weekday: 3.56, weekend: 3.91) than the riders without accident experience (weekday: 3.29, weekend: 3.68). Lastly, the riders with accident experience rated significantly higher perceived level of risk on weather, violation of traffic laws, uninspected motorcycle, receiving calls while driving, missing safety training, missing personal protective equipment than the riders without accident experience. This study suggested four aspects based on the study results to prevent traffic accidents for delivery riders.