• Proceedings of the Korea Multimedia Society Conference
• /
• 2012.05a
• /
• pp.73-75
• /
• 2012

공인인증서는 온라인상에서 금융거래, 전자상거래, 전자정부 등에서 본인확인을 위한 수단으로 사용되고 있다. 공인인증서의 유효성을 확인하기 위한 방법 중 하나인 CRL(Certificate Revocation List) 검증방법은 실시간으로 검증하기 어렵기 때문에 공인인증서가 부정하게 사용될 수 있다. 본 논문에서는 해쉬값을 이용하여 CRL 검증방식에서 효력이 정지된 인증서의 정보만을 빠르게 갱신하는 방법을 제안하고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.05a
• /
• pp.997-1000
• /
• 2007

u-Healthcare란 언제 어디서나 의료 장비 및 센서 등을 이용하여 수집된 생체 정보를 유선 또는 무선의 통신수단을 이용하여 유비쿼터스를 지향하는 지능형 의료정보를 제공하는데 목적을 두고 있는 서비스이다. 각종 센서에서 수집된 생체 신호 및 의료 데이터는 그 데이터를 필요로 하는 기관 또는 병원 등에 전송되어야 하는데, 현시점에서는 하드웨어나 서비스 중심의 구현에만 집중되고 있어서 전송시에 보안에 대한 연구가 제대로 이루어 지지 않고 있다. 또한 이와 같은 이런 정보들은 개인에게는 매우 중요한 데이터로써 외부로 노출될 시에 심각한 프라이버시 침해가 예상된다. 이를 위해 본 논문에서는 PKI 사용자 인증을 통하여 본인 여부를 확인하여 u-Healthcare서버에 로그인 하는 시스템을 설계하고 구현하였다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.3
• /
• pp.543-548
• /
• 2016

Public electronic certificates, as an important means for identification, have been used as the main economic transactions, including banking, e-government, e-commerce. identification. However, damage cases of certificates have been increased by Illegally issued and by hacking practices. Also the users have a difficult in ensuring that their certificates when and where to use. Therefore, the proposed system gives the organization code for the Institutions using OCSP services in advance, the organization code embedded in extensions of OCSP request message structure when institutions ask the validation of certificate to CA(Certificate Authority). Also, OCSP server can extract the organization code from OCSP request message, confirm the institution, and record it in certificate history management table of DB. In this paper, we presented a system that could determine the certificate history check using OCSP service, public electronic certificate validation service, and implemented to prevent and cope immediately with financial incidents.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.2
• /
• pp.29-42
• /
• 2019

As online services become more and more popular due to the development of IT, non-face-to-face transactions are continuously increasing rather than face-to-face transactions. The personal identity proofing service(PIPS) based on the alternative method of the resident registration number is used for the purpose of confirming the identity of the other party on the Internet. However, in the case of the current PIPS, the personal information of the PIPS user is excessively provided to the online service provider. As a result, privacy problems of online users, shortage of choice of information providing options, and lack of differentiation of authentication methods are becoming problems. Therefore, this paper proposes a method to improve the PIPS based on the current resident registration number alternative method and to provide a method to differentiate the provision of excessive personal information. In the proposed method, we analyze trends and current status of overseas online PIPS in order to provide a method of providing differentiation of personal information and proposes an effective improvement method applicable to domestic.

• The KIPS Transactions:PartA
• /
• v.10A no.5
• /
• pp.433-438
• /
• 2003

To provede public services through Internet, there are several prerequisites such as security issue resolutions for public area installation and hardware support for authorized signatures etc. in addition to web-based system development. A kiosk-based system is a right solution for public services provision through Internet because a kiosk has hardware features supporting authorized signatures and also it can be installed at public area through Internet without security exposure, meeting security guidelines of National Intelligence Service. The process to provide public services through a koisk is that a client requests a kind of public services selecting menu through the kiosk, then the system issues a civil service documents after taking authentification and payment process. To support those kinds o processes it is required to support electronic payment using SMART card in addition to cash payment and to apply government standard security guidelines to protect administrative and personal information. This kiosk-based Internet public service system support and meet those all requirements.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.721-737
• /
• 2014

The Resident Registration Number(RRN) system has been effectively acted as a national identification system since it was enforced. On the other hand, there are some problems such as leakages of personal informations including RRNs on a large scale and each RRN makes a pair with each person in all areas of the society. Nevertheless leakages of them might cause a big damage, there is no radical countermeasure for they are never changed in actual fact. In Republic of Korea, a RRN acts as a primary key of a database, so it has to be protected by severing the connectivity between leaked RRNs and the other personal data. In this paper, the Unconnected Random Personal Identification Number system is proposed for preventing damage of data spills by removing a dependency which the RRN has. Furthermore, this paper suggests the solutions against some potential issues in the system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.47-60
• /
• 2011

With the increase in the use of mobile banking service, mobile banking has become an attractive target to attackers. Even though many security measures are applied to the current mobile banking service, some threats such as physical theft or penetration to a mobile device from remote side are still remained as unsolved. With aiming to fill this void, we propose a novel approach to prevent e-financial incidents by analyzing mobile device user's input patterns. This approach helps us to distinguish between original user's usage and attacker's usage through analyzing personal input patterns such as input time-interval, finger pressure level on the touch screen. Our proposed method shows high accuracy, and is effective to prevent the e-finance incidents proactively.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.5
• /
• pp.969-976
• /
• 2022

In this paper, a drunk driving prevention system was implemented to measure drunk driving before starting to prevent drunk driving accidents caused by complacency after drinking. In order to prevent a situation in which a driver but not a driver authenticates instead of a driver, the identification means was strengthened and the alcohol sensor was implemented to operate when the wind sensor measured above the set value set. Through this system, the driver's alcohol measurement process was strengthened. Sensors were determined through various experiments, and finally, when the alcohol concentration was 0.03% or more, the DC motor was stopped and the vehicle was designed to be unable to operate, thereby implementing a system in which drunk driving was prevented in advance.

• The Journal of the Korea Contents Association
• /
• v.12 no.7
• /
• pp.169-175
• /
• 2012

It is the fact that crime has always co-existed with human history;that preventive measures have always been taken while it has been transformed and developed in some forms. We, in the meantime;should not be negligent in the matter that our preventive measures are rather short sighted, and non strategic in many ways. Now then, would we be able to question, if our modern crime preventive measures have been modernized and become more strategic? Certain point has been raised to myself;especially regarding (community oriented policing cop); this has been one of the strategic crime preventive measures co-performed by the central police;Jeju-special independent province maybe an appropriate example; which has become special self rule province in July, 2007; establishing not only independant police but also have established police station addition to already existing police stations. To proof my opinion; I have tried to compare and contrast the statistics of the crime rates and types of the Jeju area before and after the establishment of the self police and police station; also to see how patterns changed.(if there has been any.) I have also tried to analyse if there is any special type of crime statistics in Jeju province, by analysing current crimes in accordance to populations. Altough it has not much reached my initial expectations, I hope it still is meaningful to have been able to show some ways to prevent crimes in Jeju-strategically.

• Journal of KIISE:Computing Practices and Letters
• /
• v.12 no.6
• /
• pp.367-378
• /
• 2006

A mobile phone has became as a payment tool in e-commerce and on-line banking areas. This trend of a payment system using various types of mobile devices is rapidly growing, especially in the Internet transaction and small-money payment. Hence, there will be a need to define its standard for secure and safe payment technology. In this thesis, we consider the service types of the current mobile payments and the authentication method, investigate the disadvantages, problems and their solutions for smart and secure payment. Also, we propose a novel authentication method which is easily adopted without modification and addition of the existed mobile hardware platform. Also, we present a simple implementation as a demonstration version. Based on virtual machine (VM) approach, the proposed model is to use a pseudo-random number which is confirmed by the VM in a user's mobile phone and then is sent to the authentication site. This is more secure and safe rather than use of a random number received by the previous SMS. For this payment operation, a user should register the serial number at the first step after downloading the VM software, by which can prevent the illegal payment use by a mobile copy-phone. Compared with the previous SMS approach, the proposed method can reduce the amount of packet size to 30% as well as the time. Therefore, the VM-based method is superior to the previous approaches in the viewpoint of security, packet size and transaction time.