• Smart Media Journal
• /
• v.12 no.2
• /
• pp.27-35
• /
• 2023

Currently, online user authentication is perform using joint certificates issued by accredited certification authorities and simple certificates issued by private agency. In such a PKI(Public Key Infrastructure) system, various cryptographic technologies are used, and in particular, digital signatures are used as a core technology. The digital signature scheme is equally used in DID(Decentralized Identity), which is attracting attention to replace the existing centralized system. As such, the digital signature-based user authentication used in current online services is also applied in the metaverse, which is attracting attention as the next-generation online world. Metaverse, a compound word of "meta," which means virtual and transcendent, and "universe," means a virtual world that includes the existing online world. Due to various developments of the metaverse, it is expted that new authentication technologies including biometric authentication will be used, but existing authentication technologies are still being used. Therefore, in this study, we study digital signature scheme that can be efficiently used for user authentication in the developing metaverse. In particular, we experimentally analyze the effectiveness of ECDSA, which is currently used as a standard for digital signatures, and Schnorr signatures, which can quickly verify a large amount of signatures.

• Journal of Practical Engineering Education
• /
• v.15 no.1
• /
• pp.169-181
• /
• 2023

This study was conducted to examine the remuneration curriculum of vocational ability development training teachers and instructors and to examine ways to apply micro credentials. To this end, the current status of the remuneration curriculum of vocational ability development training instructors and instructors at K University's Competency Education Development Institute, the characteristics of micro credentials, and the possibility of linking the remuneration curriculum to micro credentials are as follows. First, most of the recognition of digital certificates was positive for digital certificates such as digital credit, digital badge issuance, and recognition of the recognized qualification process of maintenance education when completing the training course. In addition, as a method of applying micro credentials to conservative education, various cases were proposed to benefit from conservative education, systematization and grading of the qualification process, and credit of the qualification process. Second, as an institutional supplement to enhance the utilization of conservative education using micro credentials, the need to expand NCS-based major conservative education, provide efficient learning contents and learning methods, and set minimum completion time. In addition, the most common response as a way to improve the understanding of teachers and instructors in vocational ability development training was the micro credential promotion plan. Third, in the role of conservative education institutions and vocational ability development training instructors and instructors, conservative education institutions mention maintaining educational quality the most, and active participation was the role of vocational ability development training instructors. Through this study, it is expected to establish a vocational training environment that can enhance expertise and provide a practical portfolio of practical competency history by linking the remuneration curriculum of vocational competency development training instructors and micro credentials.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.563-572
• /
• 2016

Recently, a plenty of credit card payment protocols have been proposed in Korea. Several features of proposed protocols include: using passwords for user authentication in stead of official certificate for authenticity, and no need to download additional security module via ActiveX into user's devices. In this paper, we suggest two new credit card payment protocols that use both SSL(Security Socket Layer) as a standardized secure transaction protocol and password authentication to perform online shopping and payment. The first one is for the case where online shopping mall is different from PG(Payment Gateway) and can be compared to PayPal-based payment methods, and the second one is for the case where online shopping mall is the same as PG and thus can be compared to Amazon-like methods. Two proposed protocols do not require users to perform any pre-registration process which is separate from an underlying shopping process, instead users can perform both shopping and payment into a single process in a convenient way. Also, users are asked to input a distinct payment password, which increases the level of security in the payment protocols. We believe that two proposed protocols can help readers to better understand the recent payment protocols that are suggested by various vendors, and to analyze the security of their payment protocols.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.6
• /
• pp.129-138
• /
• 2014

The Electronic contract means creation sign management and storage of contract by online without limitations of the time and space through the electronic signature and encode which based on the Certificate instead of the past that treatment the contract such as creation sign management and storage of contract by face-to-face. Recently, the remarkable development of information and communication technology with supplying the high-speed Internet services. Accordingly, the transaction contract made by these also, the steady legal effect occurred by two or more parties by legal action which is the electronic agreement of expression. and it makes agreement improving corporate productivity and it can control the whole process such as contract documents and the actual buying store provision. Like this it has many benefits so, it suddenly rising as the new axis of economic activity area, it is a reality. In this change of era, with the establishment of electronic contracts, there are many problems are occurred to the expression of parties which is core of the contract on civil code so, the systematic legal composition is required. Thus, in this study will propose the reasonable improvements about the issue of electronic contract through the consideration.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.3
• /
• pp.1428-1438
• /
• 2013

Services take place in Internet environment, a formation of the trust relationship between user and service provider for services. Different authentication schemes such as using Certificate of Public Key Infrastructure authentication and using ID/PW for a simple user authentication have been proposed for trust relationship. In addition, in the case of electronic financial transactions, transaction integrity and non-repudiation features are provided. These services are provided in Internet environment, use various measures to ensure service safety. However, it was difficult to prevent attacks using existing security technology because of emergence of MITB attack that manipulate the memory area of the Web browser and social engineering attacks such as phishing/pharming, requires application of new security technologies became. In this paper, we propose a concept of smart secure-pad, and utilize it safely formed a trust relationship between user and service provider, a model has been proposed to ensure safety of data transmission. Proposed model's security evaluation results show security against to MITB attack and phishing/pharming that can't be prevent attack using existing security technology. In addition, service provider can easily apply the model in safe environment can provide Internet service using provided representative services applying the proposed model.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.2
• /
• pp.43-50
• /
• 2019

Block-chain enjoys technical advantages such as "robust security," owing to the structural characteristic that forgery is impossible, decentralization through sharing the ledger between participants, and the hyper-connectivity connecting Internet of Things, robots, and Artificial Intelligence. As a result, public organizations have highly positive attitudes toward the adoption of technology using block-chain, and the design of university information services is no exception. Universities are also considering the application of block-chain technology to foundations that implement various information services within a university. Through case studies of block-chain applications across various industries, this study designs an empirical model of an integrated information service platform that integrates information systems in a university. A basic road map of university information services is constructed based on block-chain technology, from planning to the actual service design stage. Furthermore, an actual empirical model of an integrated information service in a university is designed based on block-chain by applying this framework.

• Journal of Korea Multimedia Society
• /
• v.8 no.1
• /
• pp.79-87
• /
• 2005

In e-commerce applications, a public key cryptosystem is an important and indispensible element for the basic security operations such as authentication, digital signaturing, and key distribution. In wired network environments, the public key infrastructure certificate, which is based on X.509 specification, has been widely used. On the other hand, it still remains difficult to use the certificate information in wireless network environments due to the inherent limitations of the hand-held devices such as low computational power and short battery life. In this paper, we facilitate a codesign approach by implementing a software public-key cryptosystem and classifying its internal computation overheads quantitatively using a software profiling technique. Moreover, we propose a method to analyze the profiled data and apply it to the problem of software/hardware partitioning in a codesign approach. As an illustrative example, we analyze the computational overheads of an EC-Elfagamal application and examine a critical computational path.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.4
• /
• pp.952-960
• /
• 2007

Most Websites perform login process for authentication. But simple features like ID and Password have no trust because most people worry about appropriation. So the youth can easily access illegal media sites using other's ID and Password. Therefore this paper examine features be adaptable to authentication system, and propose a design of authentication system using multiple features. A proposed authentication system has two categories, such as low-level and high-level method. Low-level method consists of grant of authentication number through mobile phone from server and certificate from authority. High-level method combines ID/Password and features of fingerprint, character, voice, face recognition systems. For this, this paper surveys six recognition systems such as fingerprint, face, iris, character, vein, voice recognition system. Among these, fingerprint, character, voice, face recognition systems can be easily implemented in personal computer with low cost accessories. Usage of multiple features can improve reliability of authentication.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.10a
• /
• pp.351-354
• /
• 2009

In the internet communication technology, authentication of the user is main task. So far, very popular researches have been proposed for user authentications based on user_id and password. These existing methods have some merits as well as demerits also. In this paper, we analyzed the existing authentication method problems and implement a secure PingPong-128 based key generator for internet technology. In our new scheme, we are using one time password and security card numbers to generate the secure tokens for the user and internet service provider.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.10
• /
• pp.1375-1380
• /
• 2021

Korea's security response to application service app is still insufficient due to the initial opening of the public safety network. Therefore, preemptive security measures are essential. In this study, we proposed to establish a 'public safety network app security system' to prevent potential vulnerabilities to the app store that distributes app in public safety network and android operating system that operate app on dedicated terminal devices. In order for an application service app to be listed on the public safety network mobile app store, a dataset of malicious and normal app is first established to extract characteristics and select the most effective AI model to perform static and dynamic analysis. According to the analysis results, 'Safety App Certificate' is certified for non-malicious app to secure reliability for listed apps. Ultimately, it minimizes the security blind spots of public safety network app. In addition, the safety of the network can be secured by supporting public safety application service of certified apps.