• Journal of Digital Convergence
• /
• v.10 no.2
• /
• pp.183-191
• /
• 2012

This study proposes dual certification model using both what users know and what users own. In detail, this mobile OTP generation model is made up of mobile OTP generation and extraction algorithm satisfying the conditions for reviewing mobile OTP implementation. In order to improve the security of the existing OTP-based systems, the suggested method utilizes user's ID and random number at the mobile OTP generation stage.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.1
• /
• pp.15-25
• /
• 2018

ISO/IEC 15118 is a standard for communications and services for electric vehicle charging infrastructure. Although this standard deals only with data communication between an electric vehicle and a charge station, communication with the outside is essential for establishing an authentication system for vehicle certification and V2G service for electric power transmission. In this study, it was designed to verify the information of electric car charging infrastructure in electric power system through communication link between ISO/IEC 15118 electric vehicle model and IEC 61850 standard MMS protocol. This is demonstrated in the field so that the electric vehicle communication data is linked with the micro grid management system. This could be used as an element technology in other distributed power sources as well as electric cars in the future.

• Proceedings of the KSR Conference
• /
• 2008.06a
• /
• pp.378-383
• /
• 2008

One of the main concerns of railway system is to secure safety. Nowadays digital technology has been rapidly applied to safety critical system. The digital system performs more varying and highly complex functions efficiently compared to the existing analog system because software can be flexibly designed and implemented. The flexible design makes it difficult to predict the software failures. For this reason, the safety criteria are suggested to secure the software safety for the field of railway system. Following them, the railway software have to be examined whether it is properly developed according to the safety criteria and certification process. Because the articles suggested in safety criteria are written in legal term, it is difficult to apply the criteria to develop railway software. This paper suggests and discusses a development and assessment procedure to solve these issues for railway software with more detail description.

• Journal of Digital Convergence
• /
• v.9 no.5
• /
• pp.113-121
• /
• 2011

As the importance of information security grows, the demand of professionals in information security field is continuing to increase. In developing as information security professionals, however, there are practical problems to be solved in advance. This study defines the body of essential knowledge(EBK) for information security professional development; on the other hand, this study suggests a education program as a multidisciplinary major based on the EBK.

• Journal of Digital Convergence
• /
• v.1 no.1
• /
• pp.69-91
• /
• 2003

The purpose of this paper is to provide several considerations to be taken into account when institutionalizing the information security(Infosec) pre-assessment. Infosec pre-assessment is a necessary process to embed the security requirements into the information systems at the early stages in their development, resulting in more cost-effective infosec. In order to provide some institutional issues, domestic infosec assessment schemes and U.S. Infosec certification and accreditation schemes are reviewed. Also, the current status of infosec implementation in the public information systems projects is analyzed. Based on the analyses, the seven suggestions are proposed in developing and performing the infosec pre-assessment scheme.

• International Commerce and Information Review
• /
• v.6 no.1
• /
• pp.191-210
• /
• 2004

There are increasing needs for an individual or enterprise to interchange documents electronically through communication network to enhance the efficiency of business, owing to rapid process of transactions. But e-commerce encounters the problems regarding the handling the electronic documents, that is to say, deposit and proof of the electronic documents. This paper deals with Authorized Electronic Data Depot as an integrated system for processing, relaying and proving documents that. Authorized Electronic Data Depot operates as e-enabler in exchanging documents in trust among administrative agencies and a comprehensive government directory, digital government seal certification system and DNS system. Authorized Electronic Data Depot leads public and private sectors to save the paper-related costs. But the regulations concerning an authorized electronic data depot is introduced in the course of revision of Electronic Transactions Act. The purpose of this paper is to suggest some guidelines in legalizing the authorized electronic data depot.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.2
• /
• pp.19-25
• /
• 2018

With the development of IT technology, various services such as artificial intelligence and autonomous vehicles are being introduced, and many changes are taking place in our lives. However, if secure security is not provided, it will cause many risks, so the information security becomes more important. In this paper, we analyzed the research trends of main themes of information security over time. In order to conduct the research, 'Information Security' was searched in the Web of Science database. Using the abstracts of theses published from 1991 to 2016, we derived main research topics through topic modeling and time series regression analysis. The topic modeling results showed that the research topics were Information technology, system access, attack, threat, risk management, network type, security management, security awareness, certification level, information protection organization, security policy, access control, personal information, security investment, computing environment, investment cost, system structure, authentication method, user behavior, encryption. The time series regression results indicated that all the topics were hot topics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.81-88
• /
• 2007

In on-line transaction, the transparency is the key factor for the taxation and customer's rights. Using the cash register concept of the off-line transaction, we studied on-line transaction register model for the e-commerce transparency. Although on-line transaction register may be used under the related e-commerce laws, in this paper, we only considered the mechanism of the register. The register issues the digital receipt, and then the receipt can be verified the validation by the models developed in this paper.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.210-212
• /
• 2022

4차 산업혁명의 시대적 요구에 따라 스마트워크, 원격진료, 메타버스 등 원격 접속 기반의 사회 인프라 환경이 확산되고 있으며, 코로나19는 이와 같은 원격접속 환경을 가속화하였다. 원격 접속 환경에서는 공간, 시간, 단말 등의 제약으로부터 비교적 자유롭게 기업 내부의 중요 자원 및 서비스를 이용할 수 있기 때문에 노동 생산성을 증대시킨다는 이점은 있으나, 충분히 검증받지 않은 작업 환경이기 때문에 보안적 측면에서는 문제를 야기시킬 수 있다. 또한 전통적인 정보보호 관리체계에서는 원격접속 환경은 허용하지 않거나 최소화한다는 기본 사상을 바탕으로 설계되어 있기 정보보호 전략적 한계가 존재한다. 본 논문에서는 이와 같은 정보보호 전략적 한계를 개선하기 위해 제로 트러스트 아키텍처 기반의 정보보호 관리체계 구축에 대한 방안을 제언한다.

• Journal of Digital Convergence
• /
• v.10 no.2
• /
• pp.153-159
• /
• 2012

Now a days, U-healthcare comes into the spotlight as a new business model which combines RFID technology with medical service in the well-being era and IT popularization. U-healthcare service needs a method that can deals with hand-writing, overlap data, forgery and falsification of data, difference between information version that happen in medical process because of graft between RFID technology and u-healthcare. This paper proposes RFID based user certification protocol to protect user's privacy who gets medical service through U-healthcare. In the protocol, secret information of patient does the XOR with the secret key that is created in the hospital to reconsider the stability of security system of U-healthcare and user's data forgery and falsification and privacy and then saves it in the secret key field of patient in DB table. Also, it informs the case of illegal access to certification server and make it approved the access of u-healthcare service by differentiating whether u-healthcare is illegal or not.