• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.287-294
• /
• 2003

Authentication and authorization are essential functions for the security of distributed network environment. Authorization is determining and to decide whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism to make a system more effective with Kerberos for authentication mechanism. In the authorization mechanism, Kerberos server operates proxy privilege server. Proxy privilege server manages and permits right of users, servers and services with using proposed algorithm. Also, privilege attribute certificate issued by proxy privilege server is used in delegation. We designed secure kerberos with proposed functions for effective authorization at the same time authentication of Kerberos mechanism.

• The KIPS Transactions:PartD
• /
• v.14D no.5
• /
• pp.545-554
• /
• 2007

The user authentication and authorization in the current home network system almost works at home and home users, sometimes novice, should manage the system directly. This situation can make much of troubles, sometimes cause some suity problems. Moreover, the system costs high to build up, demands special user knowledge to maintain. In this paper, we propose the user authentication and authorization system based on remote management server to solve the problems, designed and implemented the system. To verify the system performance and function, we built a demo system for information appliances. The results of the test, the authentication and authorization function works well and reliably.

• Toxicological Research
• /
• v.17
• /
• pp.193-196
• /
• 2001

Issuance of certification and licensing for toxicologists authorized by the Japanese Society of Thxicology (JST) became effective on July 24, 1997. The certification system consists of examination, eligibility requirements for the applicants, authorization/license by the board of trustees of JST, and the re-certification of previously authorized qualification. In the last 2-3 years, about 30-40% of candidates for the examination have succeeded. The Committee has estimated that the level of the examination would be sufficient to determine qualified toxicologists. This updated status and a detailed explanation are to be presented at the workshop. In global terms, the JST special committee agrees that "harmonization of certification/registration procedure for qualified toxicologists means to ensure/set the minimum requirement for the global authorization of qualified toxicologists". The following items in global authorization are ad-dressed for further discussion: (1) What's the benefit\ulcorner (2) Toxicological safety assessment standards, and (3) the JST position for authorization.orization.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.47-61
• /
• 2006

In the Internet era, enterprises want to use personal information of their own or other enterprises' subscribers, and even provide it to other enterprises for their profit. In this paper, a privacy authorization system for personal information based on privacy policies of users and enterprises is designed and implemented. Privacy policies of users and enterprises are described in XACML. Also, components of policy in XACML 2.0 such as Purpose, Obligation are suitable for expressing privacy policy. A prototype of privacy authorization system is implemented by modifying and extending the SUNXACML 1.2, a Sun's implementation of XACML 1.0 and some features of XACML 2.0, and GUI tools for composing and verifying are also developed.

• International Journal of Contents
• /
• v.6 no.3
• /
• pp.15-18
• /
• 2010

Grid system is based on the Grid Security Infrastructure (GSI). GSI uses user's proxy to guarantee availability among multi-trust domains. Since grid system has been developed focusing on availability, GSI provides authentication and authorization performed by systems, but there are lacks of privacy consideration. For this reason, some researchers decide to use their own cluster system and do not want to use public grid systems. In this paper, we introduce a new privacy enhanced security mechanism for grid systems. With this mechanism, user can participate in resource allocation and authorization to user's contents more actively. This mechanism does not need to change previous middleware and minimize the computational overheads.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.11-19
• /
• 2007

A ubiquitous network environment is a system where the user can avail of the network's services anytime, anywhere. To establish such an environment, studies continue being conducted on wireless communication technology and mobile terminals. The company that provides such services should have an established system for authentication, authorization and charging for users. This service is referred to as Authentication, Authorization, Accounting(AAA), and its aspects have been consistently studied. On the other hand, existing studies have been promoted with regard to the authentication and efficiency of the mobile terminal. One of the method is that the mobile terminal contacts to the home authentication server through the external authentication server every time it is required and; another one is to use a medium server to provide authentication in the middle between them. Thus, this study aims to determine the best method to use ticketing, where tickets are provided through a mobile terminal, complete with authentication and authorization features. Also, as it uses ticket, it can efficiently provide mobile verification processing.

• Journal of Digital Convergence
• /
• v.12 no.8
• /
• pp.289-294
• /
• 2014

Recently, the various web service and applications are provided to the user. As to these service, because of providing the service to the authenticated user, the user undergoes the inconvenience of performing the authentication with the service especially every time. The OAuth(Open Authorization) protocol which acquires the access privilege in which 3rd Party application is limited on the web service in order to resolve this inconvenience appeared. This OAuth protocol provides the service which is convenient and flexible to the user but has the security vulnerability about the authorization acquisition. Therefore, we propose the method that analyze the security vulnerability which it can be generated in the OAuth 2.0 protocol and secure user authority authentication method.

• Journal of Korea Society of Industrial Information Systems
• /
• v.7 no.4
• /
• pp.59-65
• /
• 2002

Payment systems in EC need confidentiality, integrity, non-repudiation. All transactions between cardholders and merchants must be authorized by a payment gateway in SET protocol. RSA secret key operation which requires heavy computation takes the most part of the time for payment authorization. For the reason, a heavy traffic of payment authorization requests from merchants causes the payment gateway to execute excessive RSA secret key operations, which may cause the bottleneck of the whole system. To resolve this problem, One-Time Password technique is applied to payment authorization step of the SET protocol.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.5C
• /
• pp.737-749
• /
• 2004

Kerberos authenticates clients using symmetric-key cryptography, and supposed to Oust other systems of the realm in distributed network environment. But, authentication and authorization are essential elements for the security. In this paper, we design an efficient and secure authentication/authorization mechanism by introducing the public/private-key and installing the proxy privilege server to Kerberos. In the proposed mechanism, to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we reduce the number of keys by simplifying authentication steps. Proxy privilege server certifies privilege request of client and issues a privilege attribute certificate. Application server executes privilege request of client which is included a privilege attribute certificate. Also, a privilege attribute certificate is used in delegation. We design an efficient and secure authentication/authorization algorithm with Kerberos.

• The Journal of the Korea Contents Association
• /
• v.9 no.8
• /
• pp.113-120
• /
• 2009

XML can supply the standard data type in information exchange format on a lot of data generated in running database or applied programs for a company by using the advantage that it can describe meaningful information directly. Therefore, as it becomes more and more necessary to manage and protect massive XML data in an efficient way, the development of safe XML access control techniques needs a new method. In this study access authorization policies are defined to design access control systems. The findings demonstrated that algorithm suggested in this study improved system performance which was low due to the complex authorization evaluation process in the existing access control techniques. It is consequently proved that the safe XML access control policy presented in this study is in an improved form as compared with the existing access control methods.