• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.5
• /
• pp.75-84
• /
• 2001

Existent public key certificates provide authentication information through some information on user\`s public key. However, an attribute certificate which stores and manage user\`s attribute information, provides various privilege information such as position, privilege and role. In recent, international organizations establishes standards on attribute certificate, and the researches and developments on attribute certificate have been widely made. In addition it may be expected to be used many real application area requiring for authorization information as well as authentication information. Therefore, this paper considers background and standardization trends of attribute certificate and describes the profile and related techniques of attribute certificate currently established by IETF. In addition, it introduces and access control system using attribute certificate and specifies applications of attribute certificate.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.99-109
• /
• 2021

With the recent development of ICT, information exchange through data communication network is increasing. Cryptography is widely used as the base technology to protect it. The initial cryptography technology was developed for military use and authorized only by the nation in the past. However, nowadays, much of the authority was unwillingly transferred to the private due to the pervasive use of ICT. As a result, there have been conflicts between the private demand to use cryptography and the nation's authority. In this paper, we survey the conflicts between nations and the private in the process of formulating the cryptography policy. Morever, we investigate the reality of the cryptography policy in Korea. Our investigations are expected to help the government apply cryptographic control policy in a balanced manner and plan development of cryptography industries. Lastly, we propose a need to establish a cryptanalysis organization and to legislate a legal sanction against fraudulent use of cryptography.

• Korean Security Journal
• /
• no.26
• /
• pp.59-87
• /
• 2011

Security Business Act of Korea is leaning toward the aspect of regulation, while it provides few provisions about vesting the authority, which causes problems such as legal loopholes to be raised in regard to the rules about authorizing the private security personnel to perform security affairs properly and defining the limit of power. So, it should be done to interpret the law in order to draw the legal basis of empowering as well as to set limits of the authority of security main agent, and Article 7, Section 1, of Security Business Act is the very provision that involves the legal basis. In the scope of 'Management Power', the statutory authority in the first clause of Article 7 of Security Business Act, the security personnel can use force for self-defense, defense of others and property, and prevention of crimes. In addition, the powers of interrogation, access control, and eviction notice are involved in its scope. The private security personnel as the occupation assistant can take precautions and if the infringement on the benefit and protection of the law is imminent or done, he or she can use force within the limits of the passive resistance and the means of defiance on the basis of 'Management Power'. The private security personnel, however, can exercise the force only if the necessary conditions of legal defense, emergency evacuation, and legitimate act of criminal law are fulfilled.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.261-273
• /
• 2019

Recently, with the development of IT technology, there is an increasing interest in cloud services as the number of users using mobile devices such as mobile phones and tablets is increasing. However, there is a need for techniques to control or control various methods of accessing data as the user's service demands increase. In this paper, we propose a dual key based user authentication model that improves the user 's authentication efficiency by using two keys (secret key and access control key) to access the users accessing various services provided in the cloud environment. In the proposed model, the operation process and the function are divided through the sequence diagram of the algorithms (key generation, user authentication, permission class permission, etc.) for controlling the access right of the user with dual keys. In the proposed model, two keys are used for user authentication and service authorization class to solve various security problems in the cloud service. In particular, the proposed model is one of the most important features in that the algorithm responsible for access control of the user determines the service class of the user according to the authority, thereby shortening the management process so that the cloud administrator can manage the service access permission information of the user.

• Journal of Korean Philosophical Society
• /
• v.147
• /
• pp.261-281
• /
• 2018

This paper will cover recent discussions on the risks of human being due to the development of artificial intelligence(AI). We will consider AI research as artificial narrow intelligence(ANI), artificial general intelligence(AGI), and artificial super intelligence(ASI). First, we examine the risks of ANI, or weak AI systems. To maximize efficiency, humans will use autonomous AI extensively. At this time, we can predict the risks that can arise by transferring a great deal of authority to autonomous AI and AI's judging and acting without human intervention. Even a sophisticated system, human-made artificial intelligence systems are incomplete, and virus infections or bugs can cause errors. So I think there should be a limit to what I entrust to artificial intelligence. Typically, we do not believe that lethal autonomous weapons systems should be allowed. Strong AI researchers are optimistic about the emergence of artificial general intelligence(AGI) and artificial superintelligence(ASI). Superintelligence is an AI system that surpasses human ability in all respects, so it may act against human interests or harm human beings. So the problem of controlling superintelligence, i.e. control problem is being seriously considered. In this paper, we have outlined how to control superintelligence based on the proposed control schemes. If superintelligence emerges, it is judged that there is no way for humans to completely control superintelligence at this time. But the emergence of superintelligence may be a fictitious assumption. Even in this case, research on control problems is of practical value in setting the direction of future AI research.

• The Korean Journal of Archival Studies
• /
• no.38
• /
• pp.3-35
• /
• 2013

The physical access or control of records with material entities is relatively easy. However, in the case of electronic records, due to its heightened applicative aspect that allows anyone with the authority to have access over the data, it requires an appropriate standard and stability to ensure the authenticity and integrity of electronic records. This study performed functional evaluation by extracting the minimum critical items from the national functional requirements documents and standards to explore the access control function that play an important role for the standard records management system to maintain quality requirements of electronic records. Based on this checklist, it evaluates whether the standard records management system properly carries out the access control function and investigates the current condition of application to practical records management work. Records managers generally do not use access control function, which may be because they do not feel the necessity, since the application of records management system is not yet actively promoted. In order for the standard records management system to be developed to become a more active system, it requires system improvement as well as considerations for below factors: First, although the necessity of establishing access control conditions is already recognized, it requires a clear stipulation of the regulation. Second, measures must be taken to implement access control in the records management system through document security solution. Third, it requires self-reflection of records manager, who utilizes the records management system. Instead of placing all responsibility on the National Archives, which established the system, professionals must further develop the system through continuous evaluation and improvement. Finally, a general discussion is required to publicize the issue of functional improvement of records management system. Although there is a bulletin board already created for this purpose, its users are extremely limited and it only deals with current problems. A space in online as well as in offline is required to solve the fundamental problems and exchange opinions.

• Korean Business Review
• /
• v.20 no.1
• /
• pp.19-32
• /
• 2007

As business environments rapidly changing and becoming more competitive, manager begin to realize the needs of the network organization structure reflecting the newly emerging internet environments. This paper, therefore, attempt to provide managers with a framework that can be used to design an effective network structure. The framework described here shows three important characteristics of network organizations: First, staffs need to be knowledge workers, rather than rule follower. Second, managers need to emphasize the empowerment, rather than exercising hierarchical power and control. In order for managers to support the design of network organizations they need to implement information systems that can integrate staffs, tasks, and information technologies.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2001.05a
• /
• pp.1-10
• /
• 2001

SNMPv3 provides the security services such as authentication and privacy of messages as well as a new flexible and extensible administration framework. Therefore, with the security services enabled by SNMPv3, network managers can monitor and control the operation of network components more secure way than before. But, due to the user-centric security management and the deficiency of policy-based security management facility, SNMPv3 might be inadequate network management solution for large-scaled networks. In this paper, we review the problems of the SNMPv3 security services, and propose a Role-based Security Management Model(RSM), which greatly reduces the complexity of permission management by specifying and enforcing a security management policy far entire network.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.1
• /
• pp.55-60
• /
• 2020

In this paper, we propose an access control system using cryptography as a method to protect personal data in public blockchain. The proposed system is designed to encrypt data according to the access policy, store it in the blockchain, and decrypt only the person who satisfy the access policy. In order to improve performance and scalability, an encryption mechanism is implemented outside the blockchain. Therefore, data access performance could be preserved while cryptographic operations executed Furthermore it can also improve the scalability by adding new access control modules while preserving the current configuration of blockchain network. The encryption scheme is based on the attribute-based encryption (ABE). However, unlike the traditional ABE, the "retention period", is incorporated into the access structure to ensure the right to be forgotten. In addition, symmetric key cryptograpic algorithms are used for the performance of ABE. We implemented the proposed system in a public blockchain and conducted the performance evaluation.

• Journal of Navigation and Port Research
• /
• v.46 no.4
• /
• pp.338-343
• /
• 2022

As the revitalization of the global maritime industry continues, the number of foreign ships navigating the maritime territories of maritime neighboring countries has rapidly increased. However, large-scale marine accidents have occurred, caused by the insufficient establishment of a system for management and operation relative to vessels' safety-condition. To address that, the IMO has granted the right to exercise port state control, especially for foreign vessels, to countries with jurisdiction over maritime territories with strengthening regulations and guidelines. In particular, the Republic of Korea, as a member of the TOKYO MOU, is conducting PSC, but as of 2020, the proportion of foreign ships was three times higher than that of national ships that called in domestic ports. However, the inspection rate was low at 9% which has not met the recommended level by the TOKYO MOU. Thus, this study conducted an IPA analysis as well as content analysis, by collecting the practical opinions and views of PSCO through objective questionnaires and written expert interviews, for improving the efficiency and effectiveness of domestic PSC. As a result, it was derived that the importance and performance related to human factors such as life on board, working environment, and response to safety accidents should be improved in to raise the quality of PSC inspection. Additionally, the work environment and performance of PSC in domestic ports for foreign vessels could be improved, if multifaceted support bases are established, for administrative unification of related tests for PSC, recruitment of PSCO, activation of the defection-reporting system, reorganization of the PSC execution group, etc.