• The Journal of Society for e-Business Studies
• /
• v.2 no.1
• /
• pp.79-94
• /
• 1997

Commerce activities which are free form space and time constraint using a communication network are called Electronic Commerce(EC). Because of sending a commercial information using open network such as Internet in EC, they need the security of commerce information (payment information and purchase information), checking the integrity of transferring data and certifying all parts participated in commerce for a secure commerce. Recently Visa and MasterCard Co. released the Secure Electronic Transaction (SET) Protocol for secure payment card transaction on Internet. This paper proposes a Secure Electronic Commerce Transaction Model(SECTM) using SET in order to support the secure commerce on Internet. The proposed transaction model prevents merchant from abusing the cardholder's payment information (credit-card number etc.) and enables cardholder to shop securely in Electronic Shopping Mall.

• Korea Journal of Hospital Management
• /
• v.6 no.3
• /
• pp.69-89
• /
• 2001

This study is focused that the electronic commerce(EC) on the purchasing section may improve the efficiency and transparency of the hospitals management. After reviewing the purchasing activity of hospitals, I study the introduction, expected effects, and problems of EC. So, I am going to provide basic information for activating EC. The samples are managers of 170 hospitals, which are located on Seoul. As a result of collection this survey, I analyze 79 hospitals. For data analysis, I use $X^2$-test and ANOVA for purchasing management and the relevance of EC according to the level of care. The results of this study are 1. The problems on the management of purchasing section are: firstly, they don't have sufficient time to study market. Secondly, it is difficult to find competitive suppliers. And, lastly, they cannot gather a lot of information about the price of products. 2. There are many answers of the needs on the introduction of B2B. However, some hospitals think they don't need it. But, the most answers are that the EC will be settled within 4 years. So, we can realize that these hospitals are getting interested on the EC. On the other hand, I find that they prefer outside EC companies for the introduction of EC. 3. On the expected effects on EC, first is the effectiveness of the market survey. The next is to collect information of adequate price of products owing to clear transaction, find easier new suppliers and gather useful data. 4. On the external problems of the introduction of EC, there is low credibility related to the security and the weakness of suppliers' information system. Especially, on the Real Transaction Price Payment system, the bigger bed size, the higher understanding on these problems. On the internal problems of the introduction of EC, first is the burden of the introduction of EC and operating cost. Especially, on the burden of the disclosure of revenue source, the smaller bed size, the higher understanding on this problem So, this is a point which deserves my attention statistically. However, this shows relatively little understanding about incomplete the standard of product category and the weak information system of hospital. Through this study, I am going to suggest 3 points for the activation of the introduction of EC on hospitals. 1. The reform of the Real Transaction Price Payment System on medical supplies and materials for medical treatment 2. The establishment of the standard of product category 3. The promotion of information system based on network.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1998.12a
• /
• pp.405-420
• /
• 1998

본 논문에서는 타원곡선 암호시스템의 효율적인 소프트웨어 구현 방법을 제안하였다. 타원곡선과 유한체 F$_{p^{m}}$ 의 선택 방법을 제안하고, 선택한 타원곡선에서 생성자 G를 찾는 방법을 제시하였다. 타원곡선 위의 점에 대한 상수배 (scala multiplication)를 효율적으로 구현하기 위해서 덧셈/뺄셈 사슬을 사용한 윈도우 방식을 채택하여 타원곡선에서의 KCDSA(EC-KCDSA)를 구현하고 수행 성능과 수치 예를 보였다.

• 한국IT서비스학회:학술대회논문집
• /
• 2009.05a
• /
• pp.205-208
• /
• 2009

이 논문에서는 RFID(Radio Frequency IDentification)에 대한 여러 가지 보안위협에 대하여 간단히 알아보고 그에 대응하는 안전한 암호학적 도구(Primitive)에 대하여 알아보겠다. 공개키 암호시스템(PKC, Public Key Cryptosystem)에 사용되는 타원곡선(EC, Elliptic Curve) 암호, NTRU(N-th degree TRUncated polynomial ring) 암호, Rabin 암호 등은 초경량 하드웨어 구현에 적합한 차세대 암호시스템으로서 안전한 RFID 인증서비스 제공과 프라이버시보호를 가능케 한다. 특히, 본고에서는 초경량 키의 길이, 저전력 소모성, 고속구현 속도를 갖는 타원곡선암호의 안전성에 대한 가이드라인을 제공하겠다.

• The Journal of Society for e-Business Studies
• /
• v.6 no.3
• /
• pp.101-113
• /
• 2001

Security is very important in EC(Electronic Commerce) environment because exchanged information(that is transaction details, private data, charges data(card-no, accounts), etc) is various and is very sensitive. So, In this paper, we propose Secure-ReXpis(Reliable St excellent Xh3 Processing Infrastructure) System that transfer message and support Message Level Security(Encryption/Decryption and Digital Signature). And we implement Message Confidentiality Service, User Authentication ＆ Message Integrity Service and Non-Repudiation Service among the various Security Services. This system support XML message format and EDI message, WEB Data and Private Format Data, etc.

• Korean Security Journal
• /
• no.3
• /
• pp.251-272
• /
• 2000

Attempts have also been made to locate security in the so-called 'policingdivision of labour' In order to understand this, it is necessary to identify some of the links which exist between public police organizations and the private security sector. Such links can be divided into six types : 1) Interpersonal links, 2) Joint operations, 3) Exchange of services, 4) Granting of special powers, 5) Public bodies hiring private personnel, 6) New organizational. Van Reenen provides a useful outline of the different dimensions of future Glibalization of policing. Developments, he suggests, are likely to proceed in four directions : 1) Co-operation : at this level, the nature and powers of national police systems are not required to change, co-operation occurring between self-standing forces. 2) Horizontal integration : this arises when officers obtain authority to operate in another country, or where government officials from one country get authority over the police in another country. 3) Vertical integration : this exists when a police organization is created which can operate within the area of the EC as a whole. 4) Competition : the internationalization of policing in Europe presents itself, more and more, as a market in which different policing systems trade their products.

• Proceedings of the CALSEC Conference
• /
• 2001.08a
• /
• pp.165-176
• /
• 2001

* Extension of EC(Electronic Commerce) * Standard of Message -EDI : UN/EDIFACT, ANSI X12, etc -XML : ebXML, CML, MathML, WIDL, etc * Various of Information -Business Transaction Data -Private Data : ID, Password, Personal Information -Charge Data : Accounts, Card, etc * Message Level Security(omitted)

• Journal of Internet Computing and Services
• /
• v.6 no.3
• /
• pp.1-16
• /
• 2005

This paper propose not only MDIT(Mobile Digital Investment Trust) agent design for Trust Investment under Mobile E-commerce environment, but also the symmetric key algorithm 3BC(Bit, Byte and Block Cypher) and the public encryption algorithm F2mECC for solving the problems of memory capacity, CPU processing time, and security that mobile environment has. In Particular, the MDIT Security Agent is the banking security project that introduces the concept of investment trust in mobile e-commerce, This mobile security protocol creates a shared secrete key using F2mECC and then it's value is used for 3BC that is block encryption technique. The security and the processing speed of MDIT agent are enhanced using 3BC and F2mECC.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.113-124
• /
• 2002

Proposals for a password-based authenticated key exchange protocol that have been published so far almost concentrated on the provable security. But in a real environment such as mobile one, efficiency is a critical issue as security. In this paper we discuss the efficiency of PAK which is secure in the random oracle model ［l］. Among 4 hash functions in PAK the instantiation for $H_1$, which outputs a verifier of the password, has most important effect on the computational efficiency. We analyze two different methods for $H_1$ suggested in ［1］ and we show that $H_{lq}$ has merits in transforming to EC or XTR variants as well as in the efficiency. As an efficient variant. we propose PAK2-EC and PAK2-XTR which do not require any additional step converting a hash output into a point of elliptic curve or XTR subgroup when compared to the previous work on the PAK［2］. Finally we compare PAK2 with the password-based authenticated key exchange protocols such as SPEKE, SRP, and AMP.

• Journal of KIISE:Computer Systems and Theory
• /
• v.29 no.11
• /
• pp.622-633
• /
• 2002

Authentication and Key Agreement using password provide convenience and amenity, but what human can remember has extremely low entropy. To overcome its defects, AMP(Authentiration and key agreement via Memorable Password) which performs authentication and key agreement securely via low entropy password are presented. AMP uses Diffie-Hellman problem that depends on discrete logarithm problem. Otherwise, this thesis applies elliptic curve cryptosystem to AMP for further efficiency That is, this thesis presents EC-AMP(Elliptic Curve-AMP) protocol based on elliptic curve discrete logarithm problem instead of discrete logarithm problem, and shows its high performance through the implementation. EC-AMP secures against various attacks in the random oracle model just as AMP Thus, we nay supply EC-AMP to the network environment that requires authentication and key agreement to get both convenience and security from elliptic curve discrete logarithm problem.