• The Journal of the Korea Contents Association
• /
• v.11 no.11
• /
• pp.49-61
• /
• 2011

In recent, library is considered as an integrated knowledge convergence center that can respond to various requests about information service of users. Therefor it is necessary to establish a novel information system based on information communications technologies of the era. In other words, it is currently required to develop mobile information service available in portable devices such as smart phones or tablet PCs, and to establish information system reflecting cloud computing, SaaS, Annotation, and Library 2.0 etc. In this paper we design and implement a library information system using collective intelligence and cloud computing. This information system can be adapted for the varieties of mobile service paradigm and abruptly increasing amount of electronic materials. Advantages of this concept model are resource sharing, multi-tenant supporting, configuration, and meta-data supporting etc. In addition it can offer software on-demand type user services. In order to test the performance of our system, we perform an effectiveness analysis and TTA authentication test. The average response time corresponding to variance of data reveals 0.692 seconds which is very good performance in timing effectiveness point of view. And we detect maturity level-3 or 4 authentication in TTA tests such as SaaS maturity, performance, and application programs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.563-572
• /
• 2016

Recently, a plenty of credit card payment protocols have been proposed in Korea. Several features of proposed protocols include: using passwords for user authentication in stead of official certificate for authenticity, and no need to download additional security module via ActiveX into user's devices. In this paper, we suggest two new credit card payment protocols that use both SSL(Security Socket Layer) as a standardized secure transaction protocol and password authentication to perform online shopping and payment. The first one is for the case where online shopping mall is different from PG(Payment Gateway) and can be compared to PayPal-based payment methods, and the second one is for the case where online shopping mall is the same as PG and thus can be compared to Amazon-like methods. Two proposed protocols do not require users to perform any pre-registration process which is separate from an underlying shopping process, instead users can perform both shopping and payment into a single process in a convenient way. Also, users are asked to input a distinct payment password, which increases the level of security in the payment protocols. We believe that two proposed protocols can help readers to better understand the recent payment protocols that are suggested by various vendors, and to analyze the security of their payment protocols.

• The KIPS Transactions:PartD
• /
• v.13D no.6 s.109
• /
• pp.847-856
• /
• 2006

In this paper, we suggested a mobile collaboration framework for supporting mobile services among mobile devices, and designed and implemented on this environment. The suggested framework has three elements; groups of sensors and mobile devices(Fixed and Moving-typed PDAs) and a home server. We designed interfaces for interactions with each other in collaboration environment with three elements described above. The information collected by sensors can be share and exchanged by mobile devices or a home server in accordance with Push and Pull methods. This framework is based on the distributed object group framework(DOGF) we implemented before. Therefore the DOGF provides functions of object group management, storing information and security services to our mobile collaboration framework via application interfaces defined. The information collected by sensors is arranged according to user's security 'demands. And user profile information is used for checking authority of each service object. Each component for executing functions of mobile devices and a home server is implemented by TMO scheme. And we used the TMOSM for interactions between distributed components. Finally, we showed via GUI the executablity of a given healthcare application scenario on our mobile collaboration framework.

• The KIPS Transactions:PartC
• /
• v.10C no.4
• /
• pp.433-440
• /
• 2003

According as the real economic activities are carried out in the cyber world and the identity problem of a trade counterpart emerges, digital signature has been diffused. Due to the weakness for real-time validation using the validation method of digital signature, Certificate Revocation List, On-line Certificate Status Protocol was introduced. In this case, every transaction workload requested to verify digital signature is concentrated of a validation server node. Currently this method has been utilized on domestic financial transactions, but sooner or later the limitation will be revealed. In this paper, the validation method will be introduced which not only it can guarantee real-time validation but also the requesting node of certificate validation can maintain real-time certificate status information. This method makes the revocation management node update the certificate status information in real-time to the validation node while revoking certificate. The characteristic of this method is that the revocation management node should memorize the validation nodes which a certificate holder uses. If a certificate holder connects a validation node for the first time, the validation node should request its certificate status information to the above revocation management node and the revocation management node memorizes the validation node at the time. After that, the revocation management node inform the revocation information in real-time to all the validation node registered when a request of revocation happens. The benefits of this method are the fact that we can reduce the validation time because the certificate validation can be completed at the validation node and that we can avoid the concentration of requesting certificate status information to a revocation node.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.1
• /
• pp.603-608
• /
• 2018

Although the voltage-applied discharge method is most widely used in the semiconductor and display industries, periodic management costs are incurred because the method causes defects due to the absorption of ambient fine dust and causes emitter tip contamination due to the discharge. The emitter tip contamination problem is caused by the accumulation of fine particles in ambient air due to the corona discharge of the ionizer. Fuzzy ball generation accelerates the wear of the emitter tip and deteriorates the performance of the ionizer. Although a mechanical cleaning method using a manual brush or an automatic brush is effective for contaminant removal, it requires management of additional mechanical parts by the user. In some cases, contaminants accumulated in the emitter may be transferred to the wafer or product. In order to solve this problem, we developed an ionizer for a clean environment that can remove the pencil-type emitter tip and directly ionize the surrounding gas molecules using the tungsten wire located inside the ion tank. As a result of testing and certification by the Korea Institute of Machinery and Materials, the average concentration was $0.7572particles/ft^3$, the decay time was less than two seconds, and the ion valance was 7.6 V, which is satisfactory.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.93-98
• /
• 2022

Information service technology continues to develop, and information service continues to expand based on the IT convergence trend. The premeter-based security model chosen by many organizations can increase the effectiveness of security technologies. However, in the premeter-based security model, it is very difficult to deny security threats that occur from within. To solve this problem, a zero trust model has been proposed. The zero trust model requires authentication for user and terminal environments, device security environment verification, and real-time monitoring and control functions. The operating environment of the information service may vary. Information security management should be able to response effectively when security threats occur in various systems at the same time. In this study, we proposed a security policy distribution system in the object reference method that can effectively distribute security policies to many systems. It was confirmed that the object reference type security policy distribution system proposed in this study can support all of the operating environments of the system constituting the information service. Since the policy distribution performance was confirmed to be similar to that of other security systems, it was verified that it was sufficiently effective. However, since this study assumed that the security threat target was predefined, additional research is needed on the identification method of the breach target for each security threat.

• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.163-178
• /
• 2014

Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.