• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.437-454
• /
• 2020

According to the privacy regulations of the health insurance portability and accountability act (HIPAA), patients' control over electronic health data is one of the major concern issues. Currently, remote access authorization is considered as the best solution to guarantee the patients' control over their health data. In this paper, a new biometric-based key management scheme is proposed to facilitate remote access authorization anytime and anywhere. First, patients and doctors can use their biometric information to verify the authenticity of communication partners through real-time video communication technology. Second, a safety channel is provided in delivering their access authorization and secret data between patient and doctor. In the designed scheme, the user's public key is authenticated by the corresponding biometric information without the help of public key infrastructure (PKI). Therefore, our proposed scheme does not have the costs of certificate storage, certificate delivery, and certificate revocation. In addition, the implementation time of our proposed system can be significantly reduced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.6 no.3
• /
• pp.41-56
• /
• 1996

Database servers that are used to provide multimedia information services in World Wide Web(WWW) environment have to support the access control mechanism that allows authorized users to access the constructed databases. In this paper, we define an authorization model as well as authorization policies to enforce the proper access control on databases in the BADA-III object-oriented database server and propose an access evaluation algorithm. Also we implement this model and the algorithm in the BADA-III database server. Considering the service environment of the WWW, we expect that database service providers can simply and effectively protect their data using the proposed model.

• The Journal of Korean Medicine
• /
• v.33 no.3
• /
• pp.147-159
• /
• 2012

Objectives: Systems related to the production, authorization, and listing for insurance of herbal medicine products were compared between South Korea and Taiwan to illuminate herbal medicine products system issues in South Korea. Methods: Papers, and laws and policies related to the production, authorization, and listing for insurance of herbal medicine products in South Korea and Taiwan are analyzed to create the primary documents. The documents from South Korea were screened with the advice of a specialist, while those from Taiwan have been verified through local investigation and with the help of a related specialist. The screened documents were then compared and analyzed in the order of the systems related to the production, authorization, and listing for insurance of herbal medicine products. Results: The systems related to the production of herbal medicine products satisfy GMP requirements in both countries, while Taiwan has more specialized systems related to the production of herbal medicine products and a more strict authorization program as compared to South Korea. While South Korea has most of the herbal medicine products classified as non-prescription drugs, Taiwan has them as prescription drugs. And while South Korea does not allow new herbal medicine products to be listed for insurance, Taiwan allows for once-a-year application toward listing for insurance. Conclusions: In order to ensure the safe and effective use of herbal medicine products, systems related to the production, authorization, and listing for insurance of herbal medicine products are to be established, while the categorization of medicine products principally used by Korean medicine doctors should be prepared. Furthermore, prescription by a Korean medicine doctor for new drugs made with natural products and their listing for insurance need to be encouraged.

• Proceedings of the Korea Contents Association Conference
• /
• 2014.06a
• /
• pp.221-222
• /
• 2014

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.4 s.304
• /
• pp.25-32
• /
• 2005

The spread of mobile devices, PDAs and sensors has enabled the construction of ubiquitous computing environments, transforming regular physical spaces into 'Smart space' augmented with intelligence and enhanced with services. However, the deployment of this computing paradigm in real-life is disturbed by poor security, particularly, the lack of proper authentication and authorization techniques. Also, it is very important not only to find security measures but also to preserve user privacy in ubiquitous computing environments. In this Paper, we propose efficient user authentication and authorization model with anonymity for the privacy-preserving for ubiquitous computing environments. Our model is suitable for distributed environments with the computational constrained devices by using MAC-based anonymous certificate and security association token instead of using Public key encryption technique. And our Proposed Protocol is better than Kerberos system in sense of cryptographic computation processing.

• The Journal of the Korea Contents Association
• /
• v.8 no.11
• /
• pp.25-32
• /
• 2008

Access control techniques should be flexible enough to support all protection granularity levels. Since access control policies are very likely to be specified in relation to document types, it is necessary to properly manage a situation in which documents fail to be dealt with by the existing access control policies. In terms of XML documents, it is necessary to describe policies more flexibly beyond simple authorization and to consider access control methods which can be selected. This paper describes and designs the access control policy system for authorization for XML document access and for efficient management to suggest a way to use the capacity of XML itself. The system in this paper is primarily characterized by consideration of who would exercise what access privileges on a specific XML document and by good adjustment of organization-wide demands from a policy manager and a single document writer.

• The Mathematical Education
• /
• v.24 no.2
• /
• pp.27-34
• /
• 1986

At present, Japanese textbooks of mathematics for elementary and secondary schools are thorized by the Ministry of Education. In former days, this system was also in effect for mentary schools until 1905 and for secondary schools until 1944. this article we discuss the start and the change of this system until 1905 and its influences the textbooks of mathematics. The main interest of the system was originally to prevent the textbooks from having the pressions which have the fear of breaking laws, disturbing the public morals or mistaking real facts. The interest changed to assure that the textbooks might comply with the ional standards of teaching syllabuses. And the standards such as the ones of the sizes of ers in the textbooks were made public one after another. The comments attached to the textbooks which applied for the authorization often pointed out use of unsuitable concrete numbers. The comments were often concerned with the difficulty words or sentenses for elementary schools and with the incorrectness of mathematical contents secondary schools. We conclude that the system encouraged the rapid modernization and regularization of Japanese tbooks during this period. We may note that there was a tendency not to adopt an extremely usual trial into the textbooks.

• Journal of Information Technology Services
• /
• v.13 no.4
• /
• pp.245-254
• /
• 2014

Payment system is defined as the various contracts and operating facilities for the transfer of monetary value to clear the relationship between credit and debt. Payment systems essentially require the efficient and reliable operations. Card-based payment systems are developed practically and creatively in accordance with the progress of ICT. Especially in mobile environment with intelligent mobile devices such as smart-phones and tablets, a variety of payment services are provided. Existing card-based payment services are configured by the payment transaction initiated by the merchants card acceptance and then swiping into the CAT (Card Authorization Terminal) to begin the transaction. The merchant initiated payment services are now applied to the Wireless CAT (W-CAT) for mobile environment. That kind of payment services cause many problems such the illegal card information leaks and the lingering threat of W-CAT theft. Also, the use of many W-CATs increased cost to the merchant. In this paper, we propose the card holder initiated card payment system using the intelligent mobile devices in mobile environment for solving problems of the existing merchant initiated card payment system and coping effectively with the activation of a wireless data network and changes of information technology.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.58
• /
• pp.287-311
• /
• 2013

In this study, the scope of previous logistics security were focused only on port and ship. Because of it now extends to the overall (export and import) supply chain areas and in regards with supply security programs in the international level, it reviewed supply chain security programs categorized them into 'ships and port security system', 'container screening system', 'logistics chain authorization system' which are expanded to be adopted in the international level. The major features of those programs are summarized as in building risk management system, providing information ahead, selectivity test and benefits to AEO authorized companies in the customs administration level. The government and companies which are to ensure supply chain security and trade facilitation in order to cope actively with international customs administrative atmosphere need to do the followings : First, they need to build an intra-government integrated supply chain security and make efforts to conclude AEO MRA in order to increase trade competitiveness among major trading countries. Second, they need to build supply chain risk management system in order to enhance management performance through overseas market and company level strategy to obtain and maintain AEO authorization in the company level.

• Journal of KIISE
• /
• v.43 no.10
• /
• pp.1094-1103
• /
• 2016

Physical Web and Eddystone can be serviced by a single integrated application on the device by using their servers' URL. However, they have a limitation that their servers must be customized for service characteristics on a case by case basis. In other words, regardless of the service selected for BLE, it should have a modified linkage application for each device. Hence, we think that a new integrated service platform, which is able to link and support its Beacon from the central server and is also able to support its application, is needed for achieving better service quality. This platform consists of push (Broadcasting for Beacon service) parts and pull (Connection) parts to establish communication. Especially, Pull should be operated and controlled under the authorization (secure) management for safe and trustable communication. It means that BLE must have its new authorization communications protocol to protect its data as much as possible. In this paper, we propose a BLE integrated authorization protocol for a BLE device control server based on Physical Web and Eddystone.