• Smart Media Journal
• /
• v.12 no.3
• /
• pp.38-48
• /
• 2023

When an individual needs to prove eligibility, it is sufficient to know whether or not s/he meets the eligibility, but any existing method inevitably exposes the identity of the owner or unnecessary additional information in the process of providing personal information. In this paper, among the immutable items of personal information such as gender, date of birth, and place of birth, we propose a method in which the owner provides only essential item(s) to the eligibility verifier with each iterm marked on one option among multiple choices. In this way, the eligibility verifier can access the combination of items stored in the blockchain with the consent of the information owner, and can safely store the access history by requesting recording in the blockchain again. In the proposed method, the user does not worry about his/her identity being revealed or his/her personal information being overly exposed, and the eligibility verifier can check only necessary items and search later records without separately storing the records.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.355-358
• /
• 2021

개인의 신원정보 보호에 대한 중요성이 높아지면서 개인이 직접 자신의 신원정보를 관리하고 데이터의 주권을 신원정보 소유자에게 부여하는 자기주권 신원 시스템에 대한 관심이 높아지고 있다. 자기주권 신원 시스템 내에서 개인은 스스로 자신을 식별할 수 있는 분산 식별자(DID: decentralized identifier)를 생성하고 분산 식별자 별 개인의 자격을 증명해주는 자격증명(VC: verifiable credentials) 정보를 발급받아 개인이 보유하며 자격증명의 검증을 요구하는 검증자에게 선택적으로 자격증명 정보를 제시한다. 개인의 프라이버시를 보호하기 위해 개인의 자격증명을 제시할 때 신원정보의 실제 데이터는 감추고 자격증명의 유효성은 입증시키는 영지식 증명의 개념을 적용하고 있다. 본 논문에서는 영지식 증명 기술을 살펴보고 하이퍼레저 인디(Hyperledger Indy) 기반 자기주권 신원 시스템에서 영지식 증명 기술 도입 예를 보인다.

• Review of KIISC
• /
• v.14 no.2
• /
• pp.46-56
• /
• 2004

식별번호를 이용한 본인확인기술(SIM : Subject Identification Method) 표준(안)은 국내 보안분야로는 처음으로 IETF PKIX 워킹그룹에서 논의되고 있는 순수 국내 보안기술로 연내 IETF 공식표준문서(RFC)로 채택될 가능성이 높다. 동 기술은 PKI 기반의 전자서명인증서비스에서 동일한 이름을 갖는 개인 사용자나 유사한 법인명을 갖는 법인사업자가 겪을 수 있는 본인확인의 오류를 원천적으로 방지하여 인증서 소유자의 신원을 유일하게 확인할 수 있는 방안을 제공한다. 본 고에서는 관련 국외 동향을 고려하여 SIM 표준(안)의 보안요구사항, 프로토콜, 표준화 주요 쟁점 및 진행상황을 고찰하고자 한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.4C
• /
• pp.472-481
• /
• 2006

J. Zhou et al. proposed a new public-key framewort in which the maximum lifetime of a certificate is divided into short periods and the certificate could be expired at the end of any period under the control of the certificate owner(or his manager in a corporate environment). However, J. Zhou et al.'s public-key framework is not suitable on implementation in real world. Therefore, we review some security Parameters to change them into more suitable ones for implementation and remove an unnecessary trust party of J. Zhou et al.'s public-key framework. Then, we propose an improved scheme for realistic solution. Moreover, we present a practical application based on the improved framework.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.69-80
• /
• 2007

To protect personal information when releasing data, a general privacy-protecting technique is the removal of all the explicit identifiers, such as names and social security numbers. De-identifying data, however, provides no guarantee of anonymity because released information can be linked to publicly available information to identify them and to infer information that was not intended for release. In recent years, two emerging concepts in personal information protection are k-anonymity and $\ell$-diversity, which guarantees privacy against homogeneity and background knowledge attacks. While these solutions are signigicant in static data environment, they are insufficient in dynamic environments because of vulnerability to inference. Specially, the problem appeared in record deletion is to deconstruct the k-anonymity and $\ell$-diversity. In this paper, we present an approach to securely anonymizing a continuously changeable dataset in an efficient manner while assuring high data quality.

• The KIPS Transactions:PartB
• /
• v.9B no.5
• /
• pp.517-522
• /
• 2002

Mobile agent systems offer a new paradigm for distributed computation and a one of solution for limitation of existent Client-server model. Mobile agent systems provide interface that can migrate from host to host in a heterogenous network. For secure execution, it must solve security problem of mobile code before. In this paper, we are propose the protocol that applied signature technique and hash chain technique. This protocol enable one to offer forward integrity, non-repudiation, and forgery detection, when mobile agents are perform the task by migrating a network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.45-54
• /
• 2003

A public key certificate may be revoked before its validity period due to causes like the owner identification information change or the private key damage. Since a certificate has long valid time relatively, it is possible to become revoked during lifetime of certificate. The main technical issue in the public key infrastructure is how to handle the status of the certificate. We propose a simple mechanism for online certificate status validation that is suited to the financial network The characteristic of the proposed method is to broadcast certificate revocation information by using verifier list. The experimental results provide the same realtime as OCSP(Online Certificate Status Protocol). The proposed mechanism reduces the network load for certificate status validation in highly concentrated unbearable network.

• Smart Media Journal
• /
• v.12 no.9
• /
• pp.95-102
• /
• 2023

As the utilization value of personal information increases, discussions on how to provide personal information are active, but information required by institutions to utilize personal information is being exposed more than necessary. Therefore, personal privacy protection is essential to overcome the problems and limitations of personal information protection. In this study, a decentralized identity information management model that overcomes the problems and limitations of the centralized identity management method of personal information and manages and selectively provides personal information by the information owner himself and demonstrates the excellence of personal information by implementing the Smart Personal Information Provision System (SPIPS) in the PBFT consensus algorithm through experiments.

• Korean Security Journal
• /
• no.17
• /
• pp.255-276
• /
• 2008

The important items, which should be considered in Private Investigation Law, can include subjects, licenses, the scope of business, qualifying examinations, and supervisory and penal provisions. The subjects of Private Investigation Law should be permitted to be both natural persons and juridical persons in terms of providing various services, but should be permitted to be juridical persons and should be administered on a license system, even in order to ensure public interests. Concretely, the introduction scope of Private Investigation Law can be regulated to include the followings: that is, investigating the whereabouts identification of runaways and missing children, investigating the personal identification, habit, way of action, motivation, whereabouts identification, real child confirmation, association, transaction, reputation, and personality of specific persons or specific groups, investigating the whereabouts identification of missing persons, owners of government-vested properties or renounced properties, investigating the whereabouts of lost properties or stolen properties, investigating the causes of fire, character defamation, slander, damage, accident, physical disability, infringement on real estate or movable property, and investigating all sorts of accidents including traffic accidents, insurance accidents, and medical malpractices. In the qualifying examination, examinees' age should be restricted to be over age 25. The person, who is exempted from its primary examination, should be restricted to be the person, who has the career of over 20 years in related fields, in consideration of its equity with other certificates of qualification. In the supervisory institution, as the policy institution is the supervisory institution in many countries including France (the police) and Japan (public security committee), so the National Policy Agency should be the supervisory institution in consideration of management aspects. In the penal regulations, especially, we should clarify the management of personal information (personal information protection, personal information management), and so should prevent the infringement of people's basic rights, and then should ensure the public interest.