• Journal of the Korea Society of Computer and Information
• /
• v.29 no.4
• /
• pp.83-89
• /
• 2024

After the end of the service of Internet Explorer, the use of ActiveX ended, and the Non-ActiveX policy spread. HTML5 is used as a standard protocol for web pages established based on the Non-ActiveX policy. HTML5, developed in the W3C(World Wide Web Consortium), provides a better web application experience through API, with various elements and properties added to the browser without plug-in. However, new security vulnerabilities have been discovered from newly added technologies, and these vulnerabilities have widened the scope of attacks. There is a lack of research to find possible security vulnerabilities in HTML5-applied websites. This paper proposes a model for detecting tags and attributes with web vulnerabilities by detecting and analyzing security vulnerabilities in web pages of public institutions where plug-ins have been removed within the last five years. If the proposed model is applied to the web page, it can analyze the compliance and vulnerabilities of the web page to date even after the plug-in is removed, providing reliable web services. And it is expected to help prevent financial and physical problems caused by hacking damage.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.620-622
• /
• 2013

Real-time Video communication technology using a Web browser today is on the rise. Video communication system The existing A method of providing an Video communication via a program for a specific server on the service provider, respectively. By using the server of the company that provides an Video communication solutions, were limited by using its own network that you can use to build a separate server for performing Video communication another, using specific software and user groups it was a mechanism for using the Video communication environment. In addition, must be installed separately and ActiveX, plug-in and, use of the service has become possible. Therefore, in this paper, utilizing the real-time Video communication Web-based technology without installing the plug-in, real-time through a Web browser or Active-X of another using a script HTML5 and the Web on the Internet Using HTTP in an environment in the Internet is possible, I've implemented a system capable of Video communication.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.8
• /
• pp.1466-1477
• /
• 2016

Public key infrastructure(PKI), principle technology of the certificate, is a security technology providing functions such as identification, non-repudiation, and anti-forgery of electronic documents on the Internet. Our government and financial organizations use PKI authentication using ActiveX to prevent security accident on the Internet service. However, like ActiveX, plug-in technology is vulnerable to security and inconvenience since it is only serviceable to certain browser. Therefore, the research on HTML5 authentication system has been conducted actively. Recently, domestic bank introduced PKI authentication complying with web standard for the first time. However, it still has inconvenience to register a certification on each website because of same origin policy of web storage. This paper proposes the certificate based SSO protocol that complying with web standard to provide user authentication using certificate on several sites by going around same origin policy and its security proof.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1049-1062
• /
• 2019

The national accredited certificate is a user certificate issued based on the user's personal information, which has been identified in advance, and has become a universal authentication method used for most electronic financial transactions and user authentication. And it contributed a lot to the use of e-government and domestic service. However, due to the lack of web standards on how to use, it was inconvenient to install a separate plug-in, and efforts to improve it have been continued. In this paper, we attempt to solve the problem of certificate usage environment by presenting the certificate digital signature method using the extension of the FIDO2 (Fast Identity Online v2) client to authentication protocol (CTAP) specification.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.12
• /
• pp.159-167
• /
• 2012

The authentication system of the PKI(public key infrastructure) provides the authenticity and security, accessibility, economic feasibility, and convenience to the service provider and users. Therefore the public and private companies in Korea widely use it as the authentication method of the web service. However, the safety client system is threatened by many vulnerable factors which possibly caused when using PKI-based authentication system. Thus, in this article vulnerable factors caused by using the PKI-based authentication system will be analyzed, which is expected to be the useful data afterwards for the construction of the new authentication system as well as performance improvement.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.6
• /
• pp.1404-1417
• /
• 1998

Currently, there exists two different methods for database retrieval in the internet. First is to use the search engine and the second is to use the plug-in or ActiveX technology, If a search engine, which makes use of indices built from keywords of simple text data in order to do a search, is used when accessing a database, first it is not possible to access more than one database at a time, second it is also not possible to support various conditional retrievals as in using query language, and third the set of data received might include many unwanted data, in other words, precision rate might be relatively low. Plug in or Active technology make use of Web browset to execute chents' query in order to do a database retrieval. Problems associated with this is that it is not possible to activate more than one DBMS simultaneously even if they are of the same data model. sefond it is not possible to execute a user query other than the ones thai arc previou sly defined by the client program In this paper, to resolve those aforementioned problems we design and implement database retrieval system using a virtual database, which makes it possible to provide direct query jntertacc through the conventional Web browser. We assume that the virtual database is designed and aggregated from more than one relational database using the same data model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1025-1036
• /
• 2016

The conversion of the international standard web utilization HTML5 technology is being developed for improvement of the internet environment based on nonstandard technology like ActiveX. Hyper Text Markup Language 5 (HTML5) of basic programming language for creating a web page is designed to consider the security more than HTML4. However, the range of attacks increased and a variety of security threats generated from HTML4 environment inherited by new HTML5 API. In this paper, we focus on the script-based attack such as CSRF (Cross-Site Request Forgery), Cookie Sniffing, and HTML5 API such as CORS (Cross-Origin Resource Sharing), Geolocation API related with the infringement of the personal information. We reproduced the infringement cases actually and embodied a detection module of a Plug-in type diagnosed based on client. The scanner allows it to detect and respond to the vulnerability of HTML5 previously, thereby self-diagnosing the reliability of HTML5-based web applications or web pages. In a case of a new vulnerability, it also easy to enlarge by adding another detection module.

• Journal of Broadcast Engineering
• /
• v.4 no.1
• /
• pp.12-21
• /
• 1999

Without a question. the most significant new medium for transmitting information is the Internet. Unfortunately. the multimedia elements that enrich our titles are extremely bulky. While the Internet hype is available in unlimited supply. Internet bandwidth and functionality of web browser are not making the net quite hospitable to multimedia data formats. In this thesis. for smoother and better communications over the net. a study is done on still image compression techniques. based on wavelet transform which is selected on MPEG-4 as a still image compression standard and a strong candidate for the JPEG-2000 standard. For Internet service. the study of plug-in programming and ActiveX control is implemented to enrich the functionality of web browser. As a result. the proposed still image service gives better image quality than current standard JPEG and does not yield to the common blocking artifacts.