• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.181-195
• /
• 2011

There's a controversy about an invasion of privacy which includes a leakage of private information and linking of user's behavior on internet. Although many solutions for this problem are proposed, we think anonymous authentication, authorization, and payment mechanism is the best solution for this problem. In this paper, we propose an effective anonymity-based method that achieves not only authentication but also authorization. Our proposed method uses anonymous qualification certificate and group signature method as an underlying primitive, and combines anonymous authentication and qualification information. An eligible user is legitimately issued a group member key pair through key issuing process and issued some qualification certificates anonymously, and then, he can take the safe and convenience web service which supplies anonymous authentication and authorization. The qualification certificate can be expanded according to application environment and it can be used as payment token.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.9 no.5
• /
• pp.233-242
• /
• 2009

The security of medical information need continued research about steady and flexible security model because of privacy of patient's as well as directly relation in the patient's life. In particular, u-healthcare environment is need flexible and detailed access control by variety changes of context. Control model analyzed relation of resource and authority, and analyzed authority about all accessible resource from access point using K2BASE. The context-based access control model can change flexibly authority change and role, and can obtain resource of authority granted and meaningly connected resource. As a result, this thesis can apply flexible and adaptive access control model at u-healthcare domain which context change various.

• The KIPS Transactions:PartA
• /
• v.13A no.1 s.98
• /
• pp.35-44
• /
• 2006

Grid accounting model is necessary to support the demand and supply of id resource. Most grid accounting systems currently in use intrude upon site autonomy by modifying local accounting systems or calculate the cost of grid service without regard to site price policy. In this paper we propose and design Grid accounting model based on site price policy. This model assures autonomy of sites participating in gird computing and be able to actively cope with diverse billing services. Also this proposed model enables to provide RUS to Grid entities by transforming basic accounting information into GGF-UR format and allows this entities to exchange resource usage information. In this paper, proposed Grid accounting model enables sites to have autonomy of them and is evaluated for business model to enforce elaborate charging policy, compared with other systems.

• The KIPS Transactions:PartC
• /
• v.14C no.2
• /
• pp.129-138
• /
• 2007

AAA(Aluthentieation, Authorization, Accounting) protocol is an information securitv technology that offer secure and reliable user Authentication, Authorization, Accounting function systematically in various services. protocol and wireless network work as well as win network. Currently IETF(Internet Engineering Task Force) AAA Working Group deal with about AAA protocol and studying with activity, But, recently it exposing much problems side to user's anonymity and privacv violation. Therefore, in this paper, AAAH(Home Authentication Server) authenticaters Mobile device, after that, use ticket that is issued from AAAH even if move to outside network and can be serviced offering authentication in outside network without approaching by AAAH, Also, we study mechanism that can offer user's privacy and anonymousness to when use service. Our mechanism is using Time Synchronization OTP and focusing authentication and authorization. Therefore, our mechanism is secure from third party attack and offer secure and effective authentication scheme. Also only right user can offer services by using ticket. can reduce signal and reduce delay of message exchanged, can offer persistent service and beighten security and efficiency.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2010.07a
• /
• pp.208-211
• /
• 2010

2012년 지상파 방송은 아날로그 송출을 종료하고 디지털 방송으로 전환된다. 이렇게 전환되는 지상파 디지털 방송은 무료로 누구나 시청할 수 있는 보편적 서비스를 지향하기 때문에, 케이블TV, 위성TV, IPTV 등의 다른 매체와는 달리 기술적 보호조치 없이 방송되고 있다. 또한 DTV 방송프로그램은 원본과 똑같은 화질로 개인이 쉽게 저장할 수 있고 인터넷을 통하여 누구나 쉽게 접근이 가능하기 때문에, DTV 방송프로그램의 무단복제와 인터넷을 통한 불법재배포는 큰 문제점으로 대두되고 있다. 이러한 불법 대량배포는 방송프로그램의 저작권을 심각히 침해할 뿐만 아니라, 방송사의 고품질의 방송프로그램을 제작환경을 더욱 열악하게 만들고 있다. 또한 일반 사용자는 인식하지 못하는 사이에 인터넷을 통해 불법 콘텐츠를 사용하게 되는 악순환에 빠지게 된다. 이에 본 논문은 KBS에서 추진하고 있는 여러 콘텐츠 보호 기술들을 하나의 보호 고리로 연결하는 KBS 보호기술 체계를 소개하고자 한다. 이를 위하여 KBS는 아래의 3가지 보호 기술을 개발하여 체계적으로 연결하여 적용하고 있다. 첫째, 프로그램의 저작권과 배포 정보를 나타내는 프로그램 보호신호(PPI, Program Protection Information)와 워터마크를 방송 신호에 삽입하여 수신기에서의 프로그램 보호를 추진한다, 둘째, 인터넷 OSP(Online Service Provider)와의 제휴를 통하여 콘텐츠 필터링 기술을 도입하여 프로그램 불법 업로드, 다운로드를 방지한다. 셋째, KBS 저작물 인터넷 모니터링 시스템을 개발하여 인터넷 상의 불법 프로그램 배포정보를 획득하여 불법배포가 진행되는 사이트에 보호를 요청한다.

• Journal of Korea Multimedia Society
• /
• v.12 no.1
• /
• pp.85-96
• /
• 2009

Due to the bitter competition in markets and the need changes of consumers, customer relationship management(CRM) plays a key role in determining management strategies in companies. In addition, due to the advance of Ubiquitous environment, new applications are developed in the CRM arena. Since traditional data gathering methods can invade people's privacy and cause inaccurate data, new methods are required. In this paper, we propose an RFID-based automatic analytical information generation system for a ubiquitous CRM. Firstly, we develop an RFID middleware. And then, we store the data acquired from the middleware into a database. Finally, we analyze the data automatically and convert the data into meaningful information. By applying our system to an exhibition hall, automatically generated analytical information are given to companies and customers. The proposed system can make many companies meet their customers' needs in a ubiquitous way and can give them more accurate data by using clustering, associating, sequencing when they make a decision for their successful marketing.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.2
• /
• pp.374-379
• /
• 2005

In the most of medical institution medical information is totally stored in a database and many number of researchers and staffs of the hospital access these information anytime. This can be caused patient's privacy to be violated. Introducing a tool for security should be considered as one of the most important requirement especially in the case that today's medical information service expands into an integrated one. In this paper we review the matters of security threat on a medical information system and propose a secure medical information service model equipped on mobile device such as PDA. Also we propose a security architecture employing a digital signature mechanism to protect the personal information on the model. Proposed architecture can lead the doctor to diagnose with high responsibility, help to build a reliable medical information system. and through the signed data, we can get some useful information against medical strife.

• The Journal of Society for e-Business Studies
• /
• v.10 no.1
• /
• pp.121-134
• /
• 2005

The MANET has many problems in security despite of its many advantages such as supporting the mobility of nodes, independence of the fixed infrastructure, and quick network establishment. In particular, in establishing security, the traditional certification service has many difficult problems in applying to the MANET because of its safety, expandability, and availability. In this paper, a secure and effective distributed certification service method was proposed using the Secret Sharing scheme and the Threshold Digital Signature scheme in providing certification services in the MANET. In the proposed distributed certification service, certain nodes of relatively high safety among the mobile nodes consisting of the MANET, were set as privileged nodes, from which the process of issuing a certification started. The proposed scheme solved problem that the whole network security would be damaged by the intrusion to one node in the Centralized Architecture and the Hierarchical Architecture. And it decreased the risk of the exposure of the personal keys also in the Fully Distributed Architecture as the number of the nodes containing the partial confidential information of personal keys decreased. By the network simulation, the features and availability of the proposed scheme was evaluated and the relation between the system parameters was analyzed.

• Journal of Digital Contents Society
• /
• v.19 no.8
• /
• pp.1515-1525
• /
• 2018

Security threats in the 4th Industrial Revolution have expanded to the issue of safety, but the environment for information security of domestic companies is still at a low level. This study aims to propose policy implications by empirically analyzing factors affecting investment intention. We investigated the state of information security and protection behavior and expanded UTAUT to investigate correlations. The results showed that information assets affect facilitating conditions, and perceived and new concerns have impacts on social influence. Social influence affect experience and habits, but the impact on security investment intentions was rejected. Facilitation conditions, previous experiences and habits have great influences on investment intention, new service security investment intention. The influence of perceived and new concern are low or rejected. There are moderating effects between types of business, size, security organization, experience of infringement, security personnel ratio, and personal information collection. This study will help to establish policies for enhancing the level of information security.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.5 no.5
• /
• pp.547-554
• /
• 2010

RFID is core technology to lead ubiquitous computing, and attract the notice of the world. It also improves social transparency, creates employment, and invigorates the allied industries. However, The technical characteristic with RFID has some problems with security and privacy. The commercialization of RFID is delayed due to these problems. This paper introduces the technical method to find solutions about an invasion of privacy to be due to introduce RFID system. First, this method applies Hash-Chain proposed by M. Ohkubo and some other researchers. The more tags increase, the more it demands lots of computation time. We divide SPs equally to solve these problems. And then, We'll suggest solutions to shorten the identification time of tag by implementing SPs with multi nodes of Grid environment at the same time. This makes it possible to keep the privacy protection of RFID tag, and process RFID tag in real time at the same time.