• The Journal of the Korea Contents Association
• /
• v.9 no.8
• /
• pp.113-120
• /
• 2009

XML can supply the standard data type in information exchange format on a lot of data generated in running database or applied programs for a company by using the advantage that it can describe meaningful information directly. Therefore, as it becomes more and more necessary to manage and protect massive XML data in an efficient way, the development of safe XML access control techniques needs a new method. In this study access authorization policies are defined to design access control systems. The findings demonstrated that algorithm suggested in this study improved system performance which was low due to the complex authorization evaluation process in the existing access control techniques. It is consequently proved that the safe XML access control policy presented in this study is in an improved form as compared with the existing access control methods.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.7
• /
• pp.861-870
• /
• 2002

The area of business applications in the internet are extended enormously in result of fast development of computing and communication technologies, increase of internet use, and use of intranet/extranet in enterprise information system. Widely spread the use of the internet, there are various applications for Business to Business (B to B) or Business to Customer(B to C) model that are based on the intranet or extranet. This paper designed and implemented the Web-based Electronic Bidding System for Business to Business (B to B) model. The technical issues of electronic bidding system in the internet are involved in the connection between web client and server, electronic data interchange for the contract document, and security solution during the bidding and contracting processes. The web-based electronic bidding system in this paper is implemented using Java applet and servlet as a connection interface for web client and sewer, XML/EDI-based documents for a bid and a contract, and bidding server and notary server for enhancing the security using PKI(Public Key Infrastructure)-based public key cryptography, digital signature and Certification Authority (CA).

• The Journal of the Korea Contents Association
• /
• v.20 no.7
• /
• pp.618-628
• /
• 2020

The purpose of this paper is to propose a new security orchestration service model by combining various security solutions that have been introduced and operated individually as a basis for cyber security framework. At present, in order to respond to various and intelligent cyber attacks, various single security devices and SIEM and AI solutions that integrate and manage them have been built. In addition, a cyber security framework and a security control center were opened for systematic prevention and response. However, due to the document-oriented cybersecurity framework and limited security personnel, the reality is that it is difficult to escape from the control form of fragmentary infringement response of important detection events of TMS / IPS. To improve these problems, based on the model of this paper, select the targets to be protected through work characteristics and vulnerable asset identification, and then collect logs with SIEM. Based on asset information, we established proactive methods and three detection strategies through threat information. AI and SIEM are used to quickly determine whether an attack has occurred, and an automatic blocking function is linked to the firewall and IPS. In addition, through the automatic learning of TMS / IPS detection events through machine learning supervised learning, we improved the efficiency of control work and established a threat hunting work system centered on big data analysis through machine learning unsupervised learning results.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.11 no.1
• /
• pp.100-106
• /
• 2018

Since the concept of virtual currency called Bitcoin was announced in 2008, the blockchain technology, which is the basis of Bitcoin, is attracting attention as an important platform technology in the era of the 4th industrial revolution that can change our society in the future. Although Existing electronic financial transactions store and manage all transaction history at a reliable central organization such as government and bank, blockchain-based electronic financial transactions are composed of a distributed structure in which all participants participating in the transaction store and manage the transaction history, it is possible to secure transaction transparency while reducing system construction and operation costs. Besides the virtual currency that started with bit coins, the technology of these blockchains has been extended in various fields such as smart contracts and document management. The key technology area of this blockchain is security based on proven cryptographic technology to make it difficult to forge and hack, but there are security risks such as security vulnerabilities in the virtual currency trading service, We will discuss security risks in using virtual currency and discuss countermeasures. Especially security accidents of virtual currency exchanges are occurring frequently recently, the damage of users who trade the virtual currency is also increasing, we propose security threats and security countermeasures against virtual currency exchanges.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.4
• /
• pp.845-850
• /
• 2011

In this paper, we proposed the digital contents distribution business model for the operation of integration between heterogeneous systems in order to use IPTV. Also, we designed and implemented the protection management system through this distribution business model. This proposed model maintains interoperability between the heterogeneous systems, creates rights protection document based on REL, and provides the new version of packaged digital contents to itself by packaging the digital contents. Overall, it ultimately offers an interoperable environment. Moreover, since we pre-defines the relations among REL data based on MPEG-21 standard, which creates the newly packaged digital contents, it is easy to edit data. We can expect to save expenses of digital contents distribution and rights protection technology. Additionally, we can further improve security by encapsulating the security technology of CAS and DRM system.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.46-55
• /
• 2009

We study the problem of searching documents containing each of several keywords (conjunctive keyword search) over encrypted documents. A conjunctive keyword search protocol consists of three entities: a data supplier, a storage system such as database, and a user of storage system. A data supplier uploads encrypted documents on a storage system, and then a user of the storage system searches documents containing each of several keywords. Recently, many schemes on conjunctive keyword search have been suggested in various settings. However, the schemes require high computation cost for the data supplier or user storage. Moreover, up to now, their securities have been proved in the random oracle model. In this paper, we propose efficient conjunctive keyword search schemes over encrypted documents, for which security is proved without using random oracles. The storage of a user and the computational and communication costs of a data supplier in the proposed schemes are constant. The security of the scheme relies only on the hardness of the Decisional Bilinear Diffie-Hellman (DBDH) problem.

• International Journal of Computer Science & Network Security
• /
• v.22 no.11
• /
• pp.213-221
• /
• 2022

Intelligent Character Recognition System for Account Payable (ICRS AP) Automation represents the process of capturing text from scanned invoices and extracting the key fields from invoices and storing the captured fields into properly structured document format. ICRS plays a very critical role in invoice data streamlining, we are interested in data like Vendor Name, Purchase Order Number, Due Date, Total Amount, Payee Name, etc. As companies attempt to cut costs and upgrade their processes, accounts payable (A/P) is an example of a paper-intensive procedure. Invoice processing is a possible candidate for digitization. Most of the companies dealing with an enormous number of invoices, these manual invoice matching procedures start to show their limitations. Receiving a paper invoice and matching it to a purchase order (PO) and general ledger (GL) code can be difficult for businesses. Lack of automation leads to more serious company issues such as accruals for financial close, excessive labor costs, and a lack of insight into corporate expenditures. The proposed system offers tighter control on their invoice processing to make a better and more appropriate decision. AP automation solutions provide tighter controls, quicker clearances, smart payments, and real-time access to transactional data, allowing financial managers to make better and wiser decisions for the bottom line of their organizations. An Intelligent Character Recognition System for AP Automation is a process of extricating fields like Vendor Name, Purchase Order Number, Due Date, Total Amount, Payee Name, etc. based on their x-axis and y-axis position coordinates.

• Journal of Information Technology Services
• /
• v.14 no.2
• /
• pp.289-314
• /
• 2015

Recently, Most of the companies and government offices are under consideration about the adoption of cloud office service to actualize the smart work policies. Comparing with traditional office software, a cloud office service have the advantage of the method of payment and coming over the physical limitations. Many cloud office service users tend to adopt an official evaluated the service without doubt. However after deciding to adopt cloud office service, many users are faced with a variety of problems and difficulties practically. In this study, researchers carried out interview about those problems and difficulties after adopting a cloud office service. Consequently, there are several problems and difficulties such as compatibility, document security, document lost and maladjusted to the new graphic user interface between traditional office software and a cloud office service. A cloud office service have still several advantages not only a competitive price but also ubiquitous attributes. Thus, researchers need to study about what kinds of reason variables can solve those problems and difficulties. In existing research, DeLone & McLean have suggested information system success model. They use three independent variables which are system quality, information quality, service quality. Parameters are user satisfaction, intention to use and use. Lastly, dependent variables are net benefits. However in this study, we need to change the scope of measurement. In other words, we have to replace parameters with dependent variables. Simply, user satisfaction, intention to use and use is going to be dependent variables. There are several reasons why we need changing variables. First, we aim at giving a some suggestions to a cloud service providers which independent variables do not work to satisfy for the users. Second, we need to find out how to maximize cloud office service user's satisfaction and intention to use. Third, we should firstly know that relationship between independent variables and dependent variables. Finally, those research results give for the cloud office service provider to solve the cloud office service adopting problems and difficulties.

• Journal of Advanced Navigation Technology
• /
• v.15 no.3
• /
• pp.462-470
• /
• 2011

Since, Davis(1991) has proposed the TAM(Technology Acceptance Model) through a literature review of informatization promotion, which insists that a user conveniency is judged by the degree of effectiveness caused by IT, the advancement of IT such as the Internet, e-mail, electronic data exchange, and groupware have brought into various changes in ordinary corporations and public institutions. However, with the right function, the advancement of IT has provided various benefits including additional reverse functions. Based on an integrated environment of business process, unauthorized user could access to information and a management of information becomes more difficult than before due to informatization of critical information. Furthermore, external hacking or information leakage by insider becomes easier owing to advancement in communication technology. This study has tried to develop a specified management procedure and implementation method for confidential documents.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.885-888
• /
• 2002

인터넷 이용의 확산과 컴퓨팅 환경이 급속히 변화되면서 특수 소수 그룹의 구성원들 간의 정보, 공유와 재사용을 지원하는 웹 기반 협업 시스템 개발이 고조되고 있다. 하지만 이러한 웹 기반 협업 시스템들은 시스템 사용자 인증만의 절차에 의한 특수 소수 그룹간에 정보를 공유하고 있어 인가된 사용자를 가장한 악의의 사용자에 의한 정보의 삭제, 수정, 파괴 등의 불법적인 행동을 막을 수 없을 뿐만 아니라 민감한 정보의 공유는 더욱더 어렵게 했다. 따라서 본 논문에서는 이러한 문제점을 해결하기 위해 웹 기반 협업 시스템의 성격을 고려한 유연성 있는 보안정책과 보안모델을 바탕으로 소 그룹단위로 을 제어할 수 있는 접근제어와 민감한 정보의 불법적인 접근을 제어 할 수 있는 접근제어 시스템을 제안한다.