• Journal of Korea Society of Digital Industry and Information Management
• /
• v.4 no.3
• /
• pp.45-53
• /
• 2008

As internet is wide spread, the number of internet service provider is increased. Internet service providers gather the personnel information with inhabitants registration identification number for the user management and the adult authentication. The personnel information is spreaded thorough the Internet by the system hacking, mismanagement and malicious resale. And the personnel information is used for spam email, phishing scams, etc. by malicious others. So the Ministry of Information and Communication Republic of Korea developments I-PIN system of the personnel identification. But, I-PIN has some problem the guideline for it and the method of 5 I-PIN services. In this paper, we analyze the problem about the guideline for I-PIN and the method of 5 I-PIN services. And we propose the countermeasure about the problem.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.6
• /
• pp.1-8
• /
• 2019

Medical information is an important personal information for patients, and it must be protected. In particular, when medical personnel approach electronic medical records, authentication for enhanced security is essential. However, the existing public certificate-based certification model did not reflect the security characteristics of the electronic medical record(EMR) due to problems such as personal key management and authority delegation. In this study, we propose a fingerprint recognition-based authentication model with enhanced security to solve problems in the approach of the existing electronic medical record system. The proposed authentication model is an EMR system based on fingerprint recognition using PEMS (Private-key Escrow Management Server), which is applied with the private key commission protocol and the private key withdrawal protocol, enabling the problem of personal key management and authority delegation to be resolved at source. The performance experiment of the proposed certification model confirmed that the performance time was improved compared to the existing public certificate-based authentication, and the user's convenience was increased by recognizing fingerprints by replacing the electronic signature password.

• Food Science and Industry
• /
• v.54 no.2
• /
• pp.82-92
• /
• 2021

To resolve difficulties of export process and strengthen competitiveness, Korea National Food Safety Certificate (K-NFSC), a comprehensive food safety support system, has been promoted to introduction. K-NFSC is at a developmental stage where the government certifies the safety of exported K-foods by developing Korean certification system based on HACCP and food safety management added for international use, and provides consulting on regulations of customs clearance and safety test analysis of food intended for export. To apply for the Global Food Safety Initiative (GFSI) technical equivalence in 2022, developmental direction of Korean certification system is set referring to FSSC22000. If selected as participants of an export supporting project, regulatory information such as customs clearance procedures and food labeling will be provided. In addition, the results of safety test analysis will be certified to help export products pass customs entry. K-NFSC is expected to support K-food exports and be growth engine for K-food industry.

• IEIE Transactions on Smart Processing and Computing
• /
• v.3 no.5
• /
• pp.298-305
• /
• 2014

In this study, a novel Randomly Shifted Certification Authority Authentication protocol was used in ad hoc networks to provide authentication by considering the MAC layer characteristics. The nodes achieve authentication through the use of public key certificates issued by a CA, which assures the certificate's ownership. As a part of providing key management, the active CA node transfers the image of the stored public keys to other idle CA nodes. Finally the current active CA randomly selects the ID of the available idle CA and shifts the CA ownership by transferring it. Revoking is done if any counterfeit or duplicate non CA node ID is found. Authentication and integrity is provided by preventing MAC control packets, and Enhanced Hash Message Authentication Code (EHMAC) can be used. Here EHMAC with various outputs is introduced in all control packets. When a node transmits a packet to a node with EHMAC, verification is conducted and the node replies with the transmitter address and EHMAC in the acknowledgement.

• Journal of Auto-vehicle Safety Association
• /
• v.13 no.1
• /
• pp.31-37
• /
• 2021

SCMS is a security credential management system for V2X communication, which performs generation/ provision/validation of device's security certificates. In this paper, we will explain about the main functions of SCMS and the role of each institution, and propose the following improvement measures in the process of establishing the Korean V2X security certification system. First, connection scheme of ERA (Enrollment certificate RA) between SCMS and Vehicle Manager Information System (VIMS) will be proposed. Second part is the problem of certificate revocation and proposal of improvements.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.334-336
• /
• 2004

국내 전자상거래 제품과의 호환성과 확장성을 위하여 국내 전자서명 표준인 KCDSA(Korean Certificate-based Digital Signature Algorithm) 메커니즘을 PKCS(Public Key Cryptographic Standard) #11 암호 API(Application Programming Interface)에 기능을 추가한다. PKCS #11에서 정의한 키 관리(Hey Management) 함수의 입력 파라미터에 암호화할 키를 바로 입력하면 변조된 키를 전달할 수 있으므로, 본 논문에서는 안전한 키보호(Key Protection) 함수를 새로 정의하여 암호화할 키 대신 사용자 PIN(Personal Identification Number: 패스워드) 입력하여 사용자의 KCDSA 개인키와 공개키를 보다 더 안전하게 보관하고자 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10a
• /
• pp.757-759
• /
• 2001

인증서의 유효성을 검사하기 위해 인증기관의 디렉도리내에 있는 최신의 인증서 폐지 목록을 많은 사용자가 동시에 조회시 시스템의 부하 및 속도 저하를 가중시킬 수 있다. 본 논문에서는 디렉토리에 대한 부하를 분산시키고 효율적으로 인증서 유효성 검사를 수행하기 위해 사용자 PC내에 자동 업데이트 엔진을 두어 인증서내의 CRL 분배점을 통한 인증서 폐지 목록을 다운로드 하는 방법을 제안하였다. 다운로드된 인증서 폐지 목록은 사용자의 인증서와 함께 유효성 검사에 이용되며 디렉토리에 대한 조회 횟수를 분산시켜부하를 감소시킬 수 있다.

• Journal of Industrial Convergence
• /
• v.7 no.1
• /
• pp.21-31
• /
• 2009

Multicast is a network technology for the delivery of information to a group of destinations simultaneously using the most efficient strategy to deliver the messages over each link of the network only once, creating copies only when the links to the multiple destinations split. This thesis designed a group certificate that can authenticate group information safety between cores based on CBT, proposed a multicast security system that can control some security key.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.1
• /
• pp.206-215
• /
• 2007

Ad-Hoc network technology is a mobile internet technology of the future that will be used widely not only in Mobile Network but also in Wireless Personal Area Network (WPAN) and Ubiquitous Network For this to occur, distributed routing protocol design, loop prevention for link information reduction in overhead for control messages and route restoration algorithm must be improved or complemented. Security techniques that can guarantee safe com-munication between Ad-Hot nodes net also be provided. This study proposes and evaluates a new authentication mechanism for MANET. The mechanism segregates the roles of certification authority to keep with the dynamic mobility of nodes and handle rapid and random topological changes with minimal over-head. That is, this model is characterized by its high expandability that allows the network to perform authentication service without the influence of joining and leaving nodes. The efficiency and security of this concept was evaluated through simulation.

• Journal of information and communication convergence engineering
• /
• v.5 no.2
• /
• pp.144-149
• /
• 2007

Grid technologies make it possible for IT resources to be shared across organizational and security domains. The traditional identity-based access control mechanisms are unscalable and difficult to manage. Thus, we propose the FAS (Federation Agent Server) model which is composed of three modules: Certificate Conversion Module (CCM), Role Decision Module (RDM), and Authorization Decision Module (ADM). The proposed FAS model is an extended Role-Based Access Control (RBAC) model which provides resource access capabilities based on roles assigned to the users. FAS can solve the problem of assigning multiple identities to a shared local name in grid-map file and mapping the remote entity's identity to a local name manually.