• Journal of Digital Contents Society
• /
• v.12 no.2
• /
• pp.165-176
• /
• 2011

Recently, digital rights management (DRM) related researches are widely spreading with prosperity of IT industries. The DRM technology protects proprietor of copyright by preventing mischanneling and illegal copy. In this paper, we propose a new DRM model that has an enhanced and efficient protocol based on certificate using smart card. The proposed model overcomes weaknesses of WCDRM model and has following additional advantages: first, copy protection is enhanced by hiding user's specific information from attacker by storing the information within smart card; second, server load for contents encryption is reduced by making clear protocols among author, distributer, certificate authority, and users; third, offline user authentication is guaranteed by combining partial secret values in media players and smart card. Exposure of core information also is minimized by storing them in smart card. In addition, we show that the proposed system is more secure than WCDRM model by comparing various factors of anonymous attackers.

• Review of KIISC
• /
• v.11 no.3
• /
• pp.57-64
• /
• 2001

최근 공개키 암호 시스템의 사용이 급증하면서 공개키의 무결성과 신뢰성 문제를 해결하고자 등장한 인증서기반의 공개키 기반 구조(PKI)와 관련된 다양한 응용프로토콜에 관한 연구가 활발히 진행되고 있다. 본 고에서는 PKI 응용프로토콜 중에서 PKI 개체들간의 인증서관련 메시지 교환 표준인 인증서 관리 프로토콜(Certificate Management Protocols) 을 분석하였다. CMP에 관련된 문서는 IETF에서 표준화한 RFC2510과 2001년 2월에 제안된 드래프트가 있는데, 본 고에 서는 RFC2510을 중점적으로 분석한 후, 드래프트에서 새로 제안된 부분을 추가하여 두 문서를 비교 분석하였다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.3
• /
• pp.13-23
• /
• 2020

Currently, online means of replacing resident registration numbers(RRN) include I-Pin, mobile phone, credit card, MyPin, and general-purpose certificate. In order to issue alternative means based on the RRN, it must be designated through the designation review by the Korea Communications Commission(KCC) through a designation review by personal proofing agency and be subject to annual management. However, the criteria for designation and follow-up of the designation of the personal proofing agency carried out by KCC have been used in 2010 without revision, and there are problems that do not conform to the evaluation standards of various alternative means. Therefore, in this paper, we propose a method for improving the designation criteria and management system of the personal proofing service agency. The proposed method analyzes the characteristics of the alternative identification-based personal proofing service and proposes a follow-up management standard that can appropriately evaluate the analyzed characteristics and improves the designation criteria according to the emergence of new alternatives. Through the proposed method, it can be seen that it is possible to strengthen the safety of the personal proofing service based on the alternative means of RRN provided online and face-to-face and to protect the user's personal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.2
• /
• pp.89-100
• /
• 2002

In this paper, we propose a group key management architecture for the secure group communications in mobile netwowrks and authenticated key agreement protocol for this system. Most of existing group key management schemes un certificates based on the public key for the purpose of user authentication and key agreement in secure fashion however, we use the ICPK(Implicitly Certified Public key) to reduce the bandwidth for a certificate exchanging and to improve a computational efficiency. In this architecture, we use two-tier approach to deal with key management where the whole group is divided into two parts; the first is a cell groups consisted of mobile hosts and another is a control group consisted of cell group managers. This approach can provide flexibility of key management such that the affection for a membership change is locally restricted to the cell group which is an autonomous area of the CGM(Cell Group Manager).

• Journal of the Korean Society for information Management
• /
• v.26 no.2
• /
• pp.27-41
• /
• 2009

With explosive growth in the area of the Internet and IT services, various types of digital contents are generated and circulated, for instance, as converted into digital-typed, secure electronic records or reports, which have high commercial value, e-tickets and so on. However, because those digital contents have commercial value, high-level security should be required for delivery between a consumer and a provider with non face-to-face method in online environment. As a digital contents, an e-ticket is a sort of electronic certificate to assure ticket-holder's proprietary rights of a real ticket. This paper focuses on e-ticket as a typical digital contents which has real commercial value. For secure delivery and use of digital contents in on/off environment, this paper proposes that 1) how to generate e-tickets in a remote e-ticket server, 2) how to authenticate a user and a smart card holding e-tickets for delivery in online environment, 3) how to save an e-ticket transferred through network into a smart card, 4) how to issue and authenticate e-tickets in offline, and 5) how to collect and discard outdated or used e-tickets.

• Journal of Industrial Convergence
• /
• v.21 no.7
• /
• pp.41-49
• /
• 2023

In recent years, various educational institutions have used online certificate services to verify academic achievement related to graduation and grades. However, the certificate of the existing system has limitations in verifying and tracking whether it is true or not and detailed academic background. In this regard, cases of forgery/falsification of online/offline certificates continue to occur. This study proposes a blockchain-based verification method that is safe from forgery and alteration, focusing on university institutions. Necessary information such as detailed class categories for each department, attendance, and detailed grades was collected/analyzed to create a linkage relationship through blockchain. In addition, the system/network environment required for blockchain sharing was considered, and it was implemented as an extension module in the form of an independent web application. As a result of the block chain verification, it was proved that the safe trust verification of educational information and the relationship between detailed information can be traced. This study aims to contribute to the improvement of academic credential verification services and information security for Korean educational institutions in the future.

• Journal of Digital Convergence
• /
• v.19 no.10
• /
• pp.287-293
• /
• 2021

Recently, public certificates issued by nationally-recognized certification bodies have been abolished, and internet companies have issued their own common certificates as certification authority. The Electronic Signature Act was amended in a way to assign responsibility to Internet companies. As the use of a joint certificate issued by Internet companies as a certification authority is allowed, it is expected that the fraud damage caused by the theft of public key certificates will increase. We propose an authentication model that can be used in a security gateway that combines PKI with a blockchain with integrity and security. and to evaluate its practicality, we evaluated the security of the authentication model using Sugeno's hierarchical fuzzy integral, an evaluation method that excludes human subjectivity and importance degree using Delphi method by expert group. The blockchain-based joint certificate is expected to be used as a base technology for services that prevent reckless issuance and misuse of public certificates, and secure security and convenience.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.3
• /
• pp.87-97
• /
• 2014

Pharming attack is a confidence trick that the hacker catch away customers financial information on Internet banking. At first, a hacker installs malicious execution code on customers PC in secret. As a customer tries to connect a Internet banking Web site, the malicious code changes it to phishing site in Internet explorer. The hacker catch away customers financial information in process of internet banking. The hacker steals money from customer's bank account using stolen information. PKI is a widespread and strong technology for providing the security using public key techniques. The main idea of PKI is the digital certificate that is a digitally signed statement binding an user's identity information and his public key. The Internet banking service stands on the basis of PKI. However, the bank is trusted in natural, the only customer is certified in the present Internet banking. In this paper, we propose a method of cross certification in Internet banking. The customer certify a bank and the bank certify the customer in proposed method. The method can service to customer the secure Internet banking about pharming attack. We compare the proposed method with other methods.

• Management & Information Systems Review
• /
• v.32 no.5
• /
• pp.157-174
• /
• 2013

In this research I investigate different firm characteristics between environment-friendly companies which are awarded by the Government and companies which violate environmental regulations. I set up three hypotheses in terms of managers' environmental attitude and firms' characteristic in technical, financial and structural aspects, considering environmental experts' opinions and findings of previous papers. Main research findings are as follows. First, both acquisition of the ISO 14001 certificate and ownership structure are used as proxy of top management attitude towards environmental decision-making. It is hypothesized that it is found that the certificates of ISO 14001 is a good proxy to represent top management environmental attitude and a firm with the certificate would have less likelihood of violation. Second, it is hypothesized that technical ability affects violation tendency of environmental regulations. It is found that as R&D investment increases, violation likelihood of environmetal regulations decrease. It can be conjectured that R&D investment may improve technical abilities of observing environment regulations. Third, it is investigated whether a firm's financial capability affects violation tendency of environmental regulations. Fourth structural aspects of a firm such as capital intensity, the number of employees and export ratio are investigated. It is found that a firm with more employees per sale amount tends to violate environmental regulations. It is not found any effects of expert ratio nor capital intensity on violation tendency of environmental regulation.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.73-76
• /
• 2019

현재의 채용 시스템은 이력서에 구직자가 직접 자격증 정보를 입력하고 기업 이를 검증하기 위한 절차를 별도로 수행한다. 자격증 정보 관리와 검증의 불편함을 줄이기 위해 하이퍼레저 기반 블록체인 기술을 이용하여 자격증 관리 플랫폼을 구축하고자 한다. 구직자는 한 번의 인증으로 자신의 모든 자격증을 관리하고 기업에서는 이력서에 포함된 키를 이용하여 블록체인에 자격증 정보를 조회함으로써 별도로 원본을 제출할 필요없이 자격증의 유효성을 증명할 수 있다.