• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1549-1560
• /
• 2015

For the past few years, personal information breach incidents, great and small, occurred constantly. Accordingly, the Personal Information Protection related Ordinances are enacted and amended persistently, and the information security products also keep advancing and developing in the same way. There are the certification systems such as Common Criteria Evaluation and Validation(CC) and Korea Cryptographic Module Validation Program(KCMVP) for the information security products. These are also strictly carried out. This paper analyzes and categorizes the 5 Personal Information Protection related Ordinances in the aspects of technical protection measures by using key words. Here are the 5 related ordinances; 'the Personal Information Protection Act', 'the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc', 'the Act on the Protection, Use, Etc, of Location Information', 'the Use and Protection of Credit Information Act', and 'the Electronic Financial Transactions Act.' Moreover, this study analyzes the association between the technical protection measures in the 5 relevant laws and the information security products that are obtaining the CC Evaluation & Validation(CC) and the products that are now produced at KISIA's member companies.

• Journal of Convergence Society for SMB
• /
• v.6 no.2
• /
• pp.19-24
• /
• 2016

A Study on the Information Security System of Fin-Tech Business In traditional electronic commerce, there have not been severe issues of trading information through documents in paper or the closed EDI. The scale of e-commerce has increased as internet develops, however, turning to the online e-commerce, which caused a number of issues such as authentication, information forgery, and non-repudiation between the parties. To prevent conflicts from such troubles and perform the post management, security technologies are applied throughout the process of e-commerce, certificates intervening. Lately, meanwhile, FinTech has been creating a sensation around the mobile payment service. Incidents of information leakage from card corporations and hackings imply the need of securing safety of the financial service. Development and evolution of FinTech industry must be accompanied by information protection. Therefore, this research aims to inquire into the information security system of leading FinTech company in a foreign country.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.141-151
• /
• 2006

The destructive power of cyber threat arrived to until the phase which it threatens to direct and seriously in national security undergoes an important national institutuin hacking event of 2004 and Internet paralysis accidents of 2003. 1. 25. So Cyber terror and Cyber warfare is not the hypothetical enemy situation. It is more actual security situation and identify as magnification of warfare concept of incapacitation national important ability include military command system of the adversary, communication, energy, finance and transportation system. consequently, with the progress of cyber threat, it is necessary that looking at a number of general plan to make up for the weak points in cyber warfare operation system. Thus, the focus of this study is to examine new ways of developing a comprehensive cyber security management system.

• Korean journal of communication and information
• /
• v.23
• /
• pp.153-187
• /
• 2003

The main purpose of this study was to examine the characteristics of corporate PR practitioners whose opinions were quoted as news sources and of the related articles in the economic section of the nation's three largest newspapers. The results revealed that the PR practitioners were mostly males with the job title of general manager or manager working for large electronics/IT or financing companies in Seoul and near metropolitan areas. In particular, such overwhelming features were more clearly salient in the articles related to conflicts. However, the phenomena seem to have been somewhat eased since 2002 when the newspapers came out with the specialized economic section. Analyzing the articles in terms of the channel of covering news, theme of news, and the existence of any conflict, we found statistically significant differences in the characteristics of PR practitioners. In addition, the comparison between each period before and after the emergence of the specialized economic section also showed statistically significant differences in the characteristics of the PR practitioners in many cases.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.8
• /
• pp.1466-1477
• /
• 2016

Public key infrastructure(PKI), principle technology of the certificate, is a security technology providing functions such as identification, non-repudiation, and anti-forgery of electronic documents on the Internet. Our government and financial organizations use PKI authentication using ActiveX to prevent security accident on the Internet service. However, like ActiveX, plug-in technology is vulnerable to security and inconvenience since it is only serviceable to certain browser. Therefore, the research on HTML5 authentication system has been conducted actively. Recently, domestic bank introduced PKI authentication complying with web standard for the first time. However, it still has inconvenience to register a certification on each website because of same origin policy of web storage. This paper proposes the certificate based SSO protocol that complying with web standard to provide user authentication using certificate on several sites by going around same origin policy and its security proof.

• Journal of Digital Convergence
• /
• v.15 no.3
• /
• pp.175-180
• /
• 2017

In accordance with the development of IT industry worldwide, software industry has also grown tremendously, and it is exerting influence on the general society starting from daily life to financial organizations and public institutions. However, various security threats that can inflict serious threat to provided services in proportion to the growing software industry, have also greatly increased. In this thesis, we suggest a smart fuzzing system combined with black box and white box testing that can effectively detectxdistinguish software vulnerability which take up a large portion of the security incidents in application programs.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.12
• /
• pp.247-253
• /
• 2010

The demand that needs 'Digital Legacy', a notion that an Internet user can transfer his private blogs, e-mail and financial assets to inheritors and party interested when he died suddenly in the accident, has been growing recently. This issue has become a social hot potato since Justine Ellsworth's father in USA sued Yahoo for the right to access his son's Yahoo e-mail account after Justine Ellsworth had died in Iraq, in November, 2004 and the problems happened to deal with suicide-related blogs and homepages when great entertainers in Korea committed suicide and soldiers' parents in the situation of warship Chonan tragedy in Korea demanded access to soldiers' homepages and e-mail accounts. The point at issue focuses on the property matters about the digital information of the deceased and the relationship between the deceased and the Internet Service Provider(ISP). This research looks into the trend of judicial precedents and laws related to the digital information of the deceased and suggests the preliminary data of the next research.

• KIPS Transactions on Computer and Communication Systems
• /
• v.1 no.3
• /
• pp.229-242
• /
• 2012

Although many companies acknowledge the necessity of investment of information security, it is difficult to grasp a tangible effect and to calculate a scale of damage from the security incident. Consequently, companies are under the reality that it is not easy to make an investment decision for information security and to calculate the investment scale. For the investment decision making, although there are several traditional techniques of investment analysis, the investment of information security, comparing to other tangible assets, has limitations in using traditional techniques due to the highly uncertain investment effects. In this study, the traditional technique of investment analysis will be described, and the application method of analytic technique for Real Option, which is developed from the evaluation technique of highly uncertain financial futures and options, will be suggested.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.9
• /
• pp.6282-6289
• /
• 2015

Today, there is an increasing number of cases in which certificate information is leak, and accordingly, electronic finance frauds are prevailing. As certificate and private key a file-based medium, are easily accessible and duplicated, they are vulnerable to information leaking crimes by cyber-attack using malignant codes such as pharming, phishing and smishing. Therefore, the use of security token and storage toke' has been encouraged as they are much safer medium, but the actual users are only minimal due to the reasons such as the risk of loss, high costs and so on. This thesis, in an effort to solve above-mentioned problems and to complement the shortcomings, proposes a system in which digital signature for Internet banking can be made with a simply bio-authentication process. In conclusion, it was found that the newly proposed system showed a better capability in handling financial transitions in terms of safety and convenience.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.3
• /
• pp.133-142
• /
• 2013

Recently, smart devices for various services have been developed using converged telecommunications, and the markets for near field communication (NFC) mobile services is expected to grow rapidly. In particular, the realization of mobile NFC payment services is expected to go commercial, and it is widely attracting attention both on a domestic and global level. However, this realization would increase privacy infringement, as personal information is extensively used in the NFC technology. One example of such privacy infringement would be the case of the Google wallet service. In this paper, we propose an mutual authentication scheme based on NTRU for secure channel in OTA and an zero-knowledge proof scheme NTRU based on for protecting user information in NFC mobile payment systems without directly using private financial information of the user.