• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.2
• /
• pp.45-54
• /
• 2006

As widespread of using digital documents in various fields, control the usage of digital document is needed. So, Digital Rights Management(DRM) will become a key component of digital document system, but absence of proper digital document DRM system, there is a real risk to lose important information when a hacker achieved intrusion in important system. This paper designs and implements digital document DRM system based on OMA(Open Mobile Alliance) DRM model and OpenOffice. We considered being a digital document DRM system to contain appropriate solution of security and document compatibility.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.6
• /
• pp.109-117
• /
• 2011

We can use document issuance services provided by a school, bank, hospital, company, etc. either by visiting those facilities or by simply visiting their Web sites. Services available through the Internet allow us to use the same services as we do by actually going to those facilities at home or office any time. As much as it saves us time and money, there also arises a problem of information being forged on the Internet or on a printed document. There has to be security functions to deal with the problem. This paper intends to think of the possible security threats and draw out the necessary security functions that an on-line document issuance system should have based on the CC v3.1, so that anyone can use it as reference when they evaluate or introduce the system.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.8
• /
• pp.2060-2069
• /
• 1997

Information processing using computer in generalized in the office automation. In spite of to be integrate and concise form of document through computer network, signature of document with hand have processed as ever. The security on document flow out severely unjust by reason of increment inverse function of computer. Because of revelation secret of enterprise result from unjust outflow, lots of loss of self-enterprise is occured. In this paper, we used efficiently document using the method, electronic approval system with encryption, for the resolving above problems. Also we persue maintenance of security for the important document and process document signature rapidly. Finally, we design and implementation of electronic approval system that take one's share of function between server and client using to be transformed Vernam's encryption technique in stored document.

• Journal of KIISE:Information Networking
• /
• v.29 no.6
• /
• pp.635-644
• /
• 2002

We propose the PBSM(Protocol-Based Security Module) system which guarantees the secure data transmission under web environments. There are two modules in the PBSM architecture. One is Web Server Security Module(WSSM) which is working on a web server, the other is the Winsock Client Security Module(WSCSM) which is working on a client. The WSCSM security module decrypts the encrypted HTML document that is received from the security web server. The decrypted HTML document is displayed on the screen of a client. The WSSM module contains the encryption function for HTML file and the decryption function for CGI(Common Gateway Interface). The formal analysis methodology is imported from format theory for analyzing the data flow of the PBSM system. The formal analysis methodology is based on the order theory.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.5
• /
• pp.119-126
• /
• 2019

Typical software developed and used by North Korea is Red Star and internal application software. However, most of the existing research on the North Korean software is the software installation method and general execution screen analysis. One of the ways to identify software vulnerabilities is file fuzzing, which is a typical method for identifying security vulnerabilities. In this paper, we use file fuzzing to analyze the security vulnerability of the software used in North Korea's Seogwang Document Processing System. At this time, we propose the analysis of open document text (ODT) file produced by Seogwang Document Processing System, extraction of node based on Document Object Mode (DOM) to determine test target, and generation of mutation file through insertion and substitution, this increases the number of crash detections at the same testing time.

• The KIPS Transactions:PartC
• /
• v.10C no.4
• /
• pp.405-412
• /
• 2003

As the XML is approved standard language by the UN, the progress which complemented the XML security has being processed rapidly. In this paper, we design and implement the "XML-Signcryption" as a security mechanism to protect the XML document that can operate between other platforms. The signature and encryption which is the standard specification in W3C needs to be able to proceed them separately. Generally the signature and encryption require four times modular exponential operation, however the signcryption only needed three times modular exponential operation. This will benefit overall system effectiveness in terms of cost. And this scheme offers to convenient the user, because the signature and encryption implement as a single XML format. This tool can save the parsing time as a number of tags is few within a document. And also, in this paper, based on a research of Web Services security, we can apply XML-Signcryption to the SOAP message to provide the security services. Based on the XML-Signcryption scheme which provides confidentiality, integrity, authentication and non-repudiation to the XML document and Web Service security simultaneously.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.12
• /
• pp.2601-2608
• /
• 2010

It is difficult to merge text document and to remake use of documents on the most collaborative document authoring system using text document, and also to provide the storage place for saving and keeping documents. It has vulnerable drawbacks about the security though it provides the accessible abilities due to basing it on Web. In this paper, we design and implementation the collaborative document authoring system for XML document to improve a couple of problems on these systems. For these, we based on the DOM to manipulate the modeling object documents and utilized RMI on this system without considering socket communication when it transmits and receives Java objects. We improved the security through processes of authentication. By providing templates and editing functions such as annotation, visualization of document structures, we made easier making collaborative document authoring more than ever.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.429-436
• /
• 2018

Electronic documents are efficient to be created and managed, but they are liable to lose their originality because copies are created during distribution and delivery. For this reason, various security technologies for electronic documents have been applied. However, most security technologies currently used are for document management such as file access privilege control, file version and history management, and therefore can not be used in environments where authenticity is absolutely required, such as confidential documents. In this paper, we propose a method to detect document forgery and tampering through analysis of file system without installing an agent inside the instance operating system in cloud computing environment. BubbleDoc monitors the minimum amount of virtual volume storage in an instance, so it can efficiently detect forgery and tampering of documents. Experimental results show that the proposed technique has 0.16% disk read operation overhead when it is set to 1,000ms cycle for monitoring for document falsification and modulation detection.

• Convergence Security Journal
• /
• v.3 no.2
• /
• pp.57-65
• /
• 2003

A protection profile is the required specification document by consumer groups to specify what security purpose they would like to have in their specialized products. A protection profile assumption is the document that specifies consumer environment in the physical, artificial, network perspective and the contents of intended usage which include usage limitation, the value of latent asset, and additional applications for a TOE (Target of Evaluation). In this paper, we compare the assumptions of the NSA IDS PP and the IDS PP for government.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.4
• /
• pp.83-90
• /
• 2017

In the past, when the credit card was delivered to the customer, the postal agreement and receipt were signed by customer. The repossessed documents were sent back to the card company through the reorganization process. The card company checks the error by scanning and keeps it in the document storage room. This process is inefficient in cost and personnel due to delivery time, document print out, document sorting, image scanning, inspection work, and storage. Also, the risk of personal data spill is very high in the process of providing personal information. The proposed system is a service that receives a postal agreement and a receipt to a recipient when signing a credit card, signing the mobile image instead of paper, and automatically sending it to the card company server. We have designed a system that can protect the cost of paper documents, complicated work procedures, delivery times and personal information. In this study, we developed 'u-paperless' and secure credit card delivery system applying electronic document and security system.