• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1319-1328
• /
• 2014

While the recent advance in network system has made it easier to collect and process personal information, the loss of customers, financial companies and even nations is getting bigger due to the leakage of personal information. Therefore, it is required to take a measure to prevent additional damage from the illegal use of leakaged personal information. Currently, financial companies use access control in accordance with job title or position on general documents as well as important documents including personal information. Therefore, even if a documents is confidential, it is possible for a person of the same job title or position to access the document properly. This paper propose setting up security grade of documents to improve current access control system. It will help preventing the leakage of personal information.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.11S
• /
• pp.3289-3298
• /
• 1999

E-mail system is the most important service that enterprises and normal users in internet use. However, because a data security is not satisfied yet, and E-mail system with security service is essential. In this paper, We implemented the E-mail system with Certification of Delivery that was not provided in prior mail system with basic security services and can prove that sender's document is properly sent to the intended receipt. And an implementation of the system used Java Cryptography API.

• Journal of Navigation and Port Research
• /
• v.33 no.4
• /
• pp.283-288
• /
• 2009

To improve maritime security and enhance international shipping commerce within US ports in addition to ISPS (International Ship and Port Facility Security Code), the TWIC (Transportation Worker Identification Credential) program is working on the maritime field from the October 15, 2008 in the United States. In this paper, the program is reviewed and investigated in terms of goal, benefit, solution, and related legislation so forth In addition, other maritime security programs including MMD (Merchant Mariner Document), FAST (Free and Secure Trade), SIDA (Security Identification Display Areas). and Air Cargo security program was analyzed and compared in order to obtain relationship and difference with the program in terms of enrollment frequency, list and method of security check, and profile of each program As a result of this paper, the program is mostly to improve maritime security, protect individual privacy, and enhance commerce rather than other programs.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.5
• /
• pp.1000-1008
• /
• 2009

It also increases the competitive power of the nation. With all these merits of electronic documents, there exist threats to the security such as illegal outflow, destroying, loss, distortion, etc. Currently, the techniques to protect the electronic documents against illegal forgery, alteration or removal are not enough. Until now, various security technologies have been developed for electronic documents. However, most of them are limited to prevention of forgery or repudiation. Cryptography for electronic documents is quite heavy that direct cryptography is not in progress. Additionally, key management for encryption/decryption has many difficulties that security has many weak points. Security has inversely proportional to efficiency. It is strongly requested to adopt various cryptography technologies into the electronic document system to offer more efficient and safer services. Therefore, this paper presents some problems in cryptography technologies currently used in the existing electronic document systems, and offer efficient methods to adopt cryptography algorithms to improve and secure the electronic document systems. To validate performance of proposed method compare with the existing cryptographies, critical elements have been compared, and it has been proved that the proposed method gives better results both in security and efficiency.

• The Journal of Korean Association of Computer Education
• /
• v.7 no.5
• /
• pp.93-99
• /
• 2004

The most important technology in the electronic commerce based on Internet is to guarantee the security of trading information exchange. Many technologies are proposed as a standard to support this security problem. One of them is an XML (eXtensible Markup Language). This is used in various applications as the document standard for electronic commerce system. The XML security has become very important topic. In this paper an XML security model for web services based electronic commerce system to guarantee the secure exchange of trading information. To accomplish the security of XML, the differences of XML signature, XML encryption and XML key management scheme respect to the conventional system should be provided. The new architecture is proposed based on unique characteristics of XML. Especially the method to integrate the process management system need to the electronic commerce is proposed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.1
• /
• pp.149-157
• /
• 2003

Recently, the Internet enhanced by development of IT makes the processing and exchanging of information, As the Internet is sending and receiving digitized documents over the Internet e-mail system. The security of document information is being threated when exchanging digitized documents over an open network such as the Internet. The degree of threat is even higher when sensitive documents are involved Therefore, in this paper, the secure e-mail system on a client is designed and implemented in order to make secure exchanging of digitized documents. By using the public key infrastructure in which encrypted mail transmission, proof of delivery and integrity of the message are garanted, unauthorized manipulation, illegal acquisition and mutual authentication problem can be prevented in order to secure the document information which is crucial and sensible when exchanging the digitized document over the Internet. Futhenmore, by using the SET protocol based on public key cryptography, the secure mail system is designed and implemented in order for the users not having any professional knowledge to deal with the system easily and friendly in GUI environment.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.141-147
• /
• 2015

KICS is intended to facilitate the computerization of the criminal justice process and realize a quick and transparent criminal justice process. Thus, it has been operating in the field of criminal justice by establishing criminal justice portal for the empowerment of the people. While in 2008 the opposition by the Court concerns the independent function of the judiciary and privacy violations presented in conjunction with its own operating system between the judiciary and other institutions. KICS improve office productivity by creating documents in a single criminal justice agencies to reduce costs, and costs of document exchange between criminal justice agencies. Secondly, the decision-making process is simplified by using the electronic documentation system and speed up, bind and document handling procedures ranging from preserving documents received are reduced dramatically contribute to the competitiveness of the organization through business improvement. Third, The use of an electronic document stored in the information is easy, and it is possible to easily access a variety of information can facilitate the realization of an open state by smoothly to provide information about the people. Finally, KICS building a network of criminal legal systems to maximize the benefits and the electronic integration effect it is being evaluated to improve the overall efficiency of the criminal legal system.

• Convergence Security Journal
• /
• v.9 no.2
• /
• pp.23-32
• /
• 2009

CeDA (Certified e-Document Authority) was adopted in March 2005. It is possible to register/store/send/receive/transfer/revoke e-documents by using trusted third party, CeDA. It is important to store not only e-documents of users but also logs produced by CeDA. Thus all logs must be electronically signed using certificate of CeDA. But management of electronically signed logs is difficult. In this paper, the method which can be applicable to authenticate all logs of CeDA using "Hash Tree" is present.

• Journal of information and communication convergence engineering
• /
• v.18 no.1
• /
• pp.39-48
• /
• 2020

Information-security management systems (ISMSs) are becoming very important, even for micro, small, and medium enterprises (MSMEs). However, implementing an ISMS is not an easy task. Many obstacles must be overcome, e.g., complexity, document tracking, competency management, and even changing cultures. The objective of our study is to provide ISMS application tools, based on ISO 27001:2013 ISM frameworks. The application was developed on the Odoo Open Enterprise Resource Planning platform. To validate its feasibility for future improvement, the application was implemented by an MSME company. For this implementation, information-security-related users gave their feedback through a questionnaire. The distributed feedback questionnaire consists of nine assessment parameters, covering topics from the application's technical aspects to users' experiences. Based on the questionnaire feedback, all users of the application were satisfied with its performance.

• Journal of IKEEE
• /
• v.25 no.4
• /
• pp.672-678
• /
• 2021

New malware continues to increase and become advanced by every year. Although various studies are going on executable files to diagnose malicious codes, it is difficult to detect attacks that internalize malicious code threats in emails by exploiting non-executable document files, malicious URLs, and malicious macros and JS in documents. In this paper, we introduce a method of analyzing malicious code for email security through proactive detection and blocking of malicious email attacks, and propose a method for determining whether a non-executable document file is malicious based on AI. Among various algorithms, an efficient machine learning modeling is choosed, and an ML workflow system to diagnose malicious code using Kubeflow is proposed.