• Convergence Security Journal
• /
• v.14 no.7
• /
• pp.3-8
• /
• 2014

Recently, A utilization request of the U-Healthcare services are increasing rapidly. This is because the increase in smartphone users and ubiquitous computing technology was developed. Furthermore, the demand for access to and use of medical information systems is growing rapidly with a smartphone. This system have the advantage such as they can access from anywhere and anytime in the healthcare information system using their smartphone quickly and easily. But this system have various problems that are a privacy issue, the location disclosure issue, and the potential infringement of personal information. this problems are arise very explosive. Therefore, we propose a secure information security system that can solve the security problems in healthcare information systems for healthcare workers using smartphone. Our proposed system, doctors record, store, modify and manage patient medical information and this system would be safer than the existing healthcare information systems. The proposed system allows the doctor to perform further authentication by transmitting using SMS to GOTP message when they accessing medical information systems. So our proposed system can support to more secure system that can protect user individual information stealing and modify attack by two-factor authentication scheme. And this system can support confidentiality, integrity, location information blocking, personal information steal prevent using cryptography algorithm that is easy and fast.

• Journal of the Korea Society of Computer and Information
• /
• v.19 no.9
• /
• pp.85-91
• /
• 2014

Encryption is a method to convert information to no-sense code in order to prevent data from being lost or altered by use of illegal means. Audit logging creates audit log of users' activities, exceptions, and information security events, and then conserves it for a certain period for investigation and access-control auditing. Our paper suggests that confidentiality and integrity of information should be guaranteed when transmitting and storing important information in encryption. Encryption should consider both one-way encryption and two-way one and that encryption key should assure security. Also, all history related to electronic financial transactions should be logged and kept. And, it should be considered to check the details of application access log and major information. In this paper, we take a real example of encryption and log audit for safe data transmission and periodic check.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.6 no.7
• /
• pp.1120-1125
• /
• 2002

According as progress by information society, computer network use and enlargement of scale are accelerated more. Also, with good physician increase of information that is exchanged through computer network, security of network is embossed to controversial point that is new. Because P2P as that remove or weakens center server function is open network that can participate between each user, problem about authentication between each users is risen. If certain user in network i3 in open environment, this user must authenticate request about service to user who is admitted between each user to limit connection. This treatise proposed method to keep security in P2P environment to solve this and designed certification mechanism that quote Kerberos certification mechanism to mechanism that can share information safety in P2P environment.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.9
• /
• pp.2248-2255
• /
• 1998

The property of connectivity between DBMS and application system developed in java is very important under the distributed object environments with heterogeneous systems. In these days, mostly used JDBC 3-tier model, which supports the connectivity, has two problems: the one is the restricted connectivity needed for the Java applet as application programs and the other is the additional efforts to design and implemtnt in linking any application program with the middleware from being deficit of standard protocol. In order to solve these problems, we have worked on Enlarging the properties of JDBC 3 tier model by applying CORBA distributed object environments. Thus, the enlarged 3-tier model has an ORB-JDBC sub protocol for the client sub-protocol and a middleware whose property is supported by CORBA.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.3B
• /
• pp.314-324
• /
• 2004

Recently, high-speed internet subscribers have grown continuously, and reached up to 10 millions. But existing network management that is responsible only for user access is confronted with many difficulties, since user access network(xDSL, Cable, B-WILL, and so on) has diversified and value added wired/wireless contents service has developed. In this paper propose the Agent based Inter Networking platform as object-oriented hierarchical system that can provide various service such as access QoS(Quality of Service), customized application service and security service according to user on demand. This system has divided into two parts(user agent and agent management system ＆ local and central management systems). Management system periodically receive status information such as bandwidth, download speed, delay, current service, and so on, and process them, then build a policy based on processed information. According to personal user profile that is generated by this policy, the customized service can be provided for users. And This system adopt the object-oriented modeling in case that system migration and integration, and implement a system that is robust and stable for security through hierarchical server system.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.95-100
• /
• 2014

The trend of business work that is related to supply chain changed into e-business using the electronic document However, the small and medium enterprise organizations still use huge volume of paper document, especially in private sector. Recently, the need for eco-friendly and low cost logistics becomes increasing. For this, it has expanded to exchange or to use e-document rather than the paper or manual processing in supply chain business. Therefore, this paper proposed the electronic access system for supply chain by business process modeling. If it is using the proposed system, it can be saving the exchanged or the scanned document to system, and user can utilize that document on just accessing system whenever they need the document. We believe it might reduce the burden of each organization because they don't need to save large volume data to their system or place. Furthermore, the benefits will effect across the national as well as global.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.373-381
• /
• 2017

Currently, various types of user authentication methods based on public certificates are used in domestic financial transactions. Such an authorized certificate method has a problem that a different security module must be installed every time a user connects an individual financial company to a web server. Also, the financial company relying on this authentication method has a problem that a new security module should be additionally installed for each financial institution whenever a next generation authentication method such as biometric authentication is newly introduced. In order to solve these problems, we propose an integrated authentication system that handles user authentication on behalf of each financial institution in financial transactions, and proposes an integrated authentication protocol that handles secure user authentication between user and financial company web server. The new authentication protocol is a modified version of OAuth2.0 that increases security and efficiency. It is characterized by performing a challenge-response protocol with a pre-shared secret key between the authentication server and the financial company web server. This gives users a convenient and secure Single Sign-On (SSO) effect.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.1
• /
• pp.151-158
• /
• 2010

The industrial foundation of the inside and outside of a country has brought significant damages due to attacks from hackers. Especially, if the national primary core infrastructures(like electric power, dam, railroad, atomic energy, etc.) has been significantly damaged, it can be directly linked not only to economic problems but also to people's lives. These national primary core infrastructures usually constitute SCADA system using Modbus RS486 communication. Because of this characteristic, SCADA system has RTU master and slave linked to RJ11 cables to directly pass commands. RJ11 is possible in data spoofing using physical connection because the transmission range of RJ11 has a wide bandwidth(almost 1km). Hence, this paper designed an idle-time measurement system for SCADA system for emerging security improvement in the national primary core infrastructures.

• Journal of Korea Society of Industrial Information Systems
• /
• v.18 no.6
• /
• pp.83-94
• /
• 2013

As smart devices have proliferated and mobile networks have accelerated, various wired IT(Information Technology) services are transplanted in wireless environments. Cloud computing service, enabling individual users or firm users to download data from a server and upload data after manipulating data, is also available in mobile devices. Unlike cloud service in wired network environments, mobile cloud service provides differentiated aspects in mobility, security issues caused by persistent connection to networks. In this paper we aim to analyze the factors affecting the user attitude and their structural relationships towards mobile cloud service use. We extend TAM(Technology Acceptance Model) to consider the characteristics of mobile environments. Research findings, analyzed by SEM(Structural Equation Model), are explained and practical implications are presented with concluding remarks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.2C
• /
• pp.333-341
• /
• 2004

Along with the innovative enhancement of Internet technology and the emergency of distributed systems extended from client-server computing, it becomes indispensible and necessary to integrate and interconnect old legacy systems. Since building a distributed system requires consistency of integration, the proper reuse of incumbent systems is critical to successful integration of current systems to distributed ones. CORBA(Common Object Request Broker Architecture) and object wrapping technique can provide middleware solutions that extend the applications of a legacy system with little modification to the application level while keeping client consistency of standard interface. By using these techniques for system integration it is easier and faster to extend services on application development to distributed environments. We propose a model on object wrapping system that can manage, integrate, and separate the functions delivered from CORBA. We apply the object wrapping model specifically to integration of security system interfaces and also perform a test to verify the usability and the efficiency of our model.