• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.10-17
• /
• 2018

Most of the privacy officers of organizations are hard to think of the corrective action about deficiencies of the PIMS(Personal Information Management Systems) certification. Because, it is difficult to define the priority of the complementary measures due to the unique characteristics and procedures of personal information protection for each organization. The purpose of this study is to evaluate the priority of the complementary measures using the Analytic Hierarchy Process(AHP). According to the results, it is important to comply with the legal requirements in the first tier. The second tier, PIMS experts answered that dedicated organization, password management, and agreement of the subject are important. Above all, agreement of the subject was found the highest priority for complementary measures about PIMS's deficiencies.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.05a
• /
• pp.114-115
• /
• 2018

Recently in Bitcoin raising a social issue is sometimes called a horizontal and decentralized digital virtual currency utilizing the Blockchain technology such as a type of password currency. On the other hand, the Blockchain, which is a distributed ledger shared on P2P networks and it was first used in Bitcoin. These technologies are regarded as technologies that can be applied diversely in other fields, and are attracting high social interest. Looking at recent trends in the virtual currency market such as Bitcoin, price movements have increased since the Japanese government approved the virtual currency as a means of settlement last year. Therefore, we try to present theoretical practical suggestion through the viewpoint of the Blockchain technology which is core technology of Bitcoin based on innovative technology.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2004.10a
• /
• pp.553-559
• /
• 2004

In todays security industry, personal identification is also based on biometric. Biometric identification is performed basing on the measurement and comparison of physiological and behavioral characteristics, Biometric for recognition includes voice dynamics, signature dynamics, hand geometry, fingerprint, iris, etc. Iris can serve as a kind of living passport or living password. Iris recognition system is the one of the most reliable biometrics recognition system. This is applied to client/server system such as the electronic commerce and electronic banking from stand-alone system or networks, ATMs, etc. A new algorithm using nonlinear function in recognition process is proposed in this paper. An algorithm is proposed to determine the localized iris from the iris image received from iris input camera in client. For the first step, the algorithm determines the center of pupil. For the second step, the algorithm determines the outer boundary of the iris and the pupillary boundary. The localized iris area is transform into polar coordinates. After performing three times Wavelet transformation, normalization was done using sigmoid function. The converting binary process performs normalized value of pixel from 0 to 255 to be binary value, and then the converting binary process is compare pairs of two adjacent pixels. The binary code of the iris is transmitted to the by server. the network. In the server, the comparing process compares the binary value of presented iris to the reference value in the University database. Process of recognition or rejection is dependent on the value of Hamming Distance. After matching the binary value of presented iris with the database stored in the server, the result is transmitted to the client.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.11
• /
• pp.5872-5878
• /
• 2013

This study provides two channel structure and two factor authentication. First, a purchasing request by Internet and then user certification and a settlement approval process by mobile communication. Second, it support that proposal protocol utilize a partial factor value of stored in users smartcard, smart phone and password of certificate. Third, storage stability is improved because certificate store in smartcard. Finally, proposal protocol satisfy confidentiality, integrity, authentication, and non- repudiation on required E-commerce guideline. In comparative analysis, Efficiency of the proposal protocol with the existing system was not significantly different. But, In terms of safety for a variety of threats to prove more secure than the existing system was confirmed.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.20 no.5
• /
• pp.659-664
• /
• 2010

This paper provides an integrated framework for biometric data and private information protection in TeleHealth. Biometric technology is indispensable in providing identification and convenience in the TeleHealth environment. Once biometric information is exposed to mallicious attacker, he will suffer great loss from the illegferuse of his biometric data by someone else because of difficulty of change not like ID and password. We have to buil by someone esystem data bon the integrated framework for biometric data and private information protection in TeleHealth. First, we consider the structure of the biometric system and the security requirements of y someone esystem data bon the biometrics. And then, we define the TeleHealth system model and provide the vulnerabilities and countermeasures of the biometric-data by someone eintegrated model.byhe TeleHealth sse bec requires two-phata authentication for countermeasure. Finally, we made some functionferrequirements for main componenets of biometric-data bintegrated TeleHealth system framework to protect biometric data.

• Journal of Digital Contents Society
• /
• v.19 no.1
• /
• pp.193-198
• /
• 2018

In Korea, the penetration rate of Internet, telephone and smart devices is reaching the highest level in the world. Cyber financial crimes that exploit such infrastructures continue to evolve. Since the first Voice Phishing crime in May 2006, ten years later, there has been a constant occurrence of Voice Phishing crime. Voice Phishing is a crime in which a victim is phoned for false information to figure out the victim's account number and password. This method of Voice Phishing evolves day by day, and it is difficult to investigate. Most of Voice Phishing is a form of international organized crime that is based in Southeast Asia such as China, and it is not easy to eradicate by international cooperation investigation. The purpose of this study is to investigate the actual situation and case analysis of Voice Phishing crime, and to propose the countermeasures against police Voice Phishing counterplan.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.12
• /
• pp.85-92
• /
• 2010

There is an authentication method for participants with an encrypted ID and password as a symmetric-key in multilateral video conferencing. It is hard to manage when the security-keys makes many while the transportation processing for the encryption and decryption get complicated when the video conferencing involves a number of participants and the third party as an attackers to gain unauthorized symmetric-key to access video conference which makes a problem less secrecy. This study suggests three ways to enhance security in video conference: first, we present PKI-based X.509 certificate for authenticating the participants of multilateral conferencing and we suggest to encode and decode the video conference media data using a secrecy key created by each of the conference participants; second, a more secured multilateral video conferencing can be expected in a group communication by using the participants secrecy key in creating and distributing group keys, where the group key will be renewed whenever there is change in the group member; and finally, we suggest to encode the RTP payload of the media data before transmission.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.5
• /
• pp.622-629
• /
• 2019

VR(Virtual Reality), which provides realistic services in virtual reality, provides a similar experience using a Head Mounted Display(HMD) device. When the HMD device is worn, it can not recognize the surrounding environment and it is easy to analyze the input pattern of the user with the Shoulder Surfing Attack(SSA) when entering the Personal Identification Number(PIN). In this paper, we propose a method to safeguard the user's password even if the hacker analyzes the input pattern while maintaining the user's convenience. For the first time, we implemented a new type of virtual keypad that deviates from the existing rectangle shape according to the VR characteristics and implemented the lock object for intuitive interaction with the user. In addition, a smart glove using the same sensor as the existing input devices of the VR and a PIN input method suitable for the rotary type are implemented and the safety of the SSA is verified through experiments.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.48 no.2
• /
• pp.105-115
• /
• 2011

User authentication service is an absolutely necessary condition while securely implementing an IT service system. It allows for valid users to securely log-in the system and even to access valid resources from database. For efficiently and securely authenticating users, smart-card has been used as a popular tool because of its convenience and popularity. Furthermore the smart-card can maintain its own power for computation and storage, which makes it easier to be used in all types of authenticating environment that usually needs temporary storage and additional computation for authenticating users and server. First, in 1981, Lamport has designed an authentication service protocol based on user's smart-card. However it has been criticized in aspects of efficiency and security because it uses hash chains and the revealment of server's secret values are not considered. Over the years, many smart-card based authentication service protocol have been designed. Very recently, Xu, Zhu, Feng have suggested a provable and secure smart-card based authentication protocol. In this paper, first, we define all types of attacks in the smart-card based authentication service. According to the defined attacks, however, the protocol by Xu, Zhu, Feng is weak against an attack that an attacker with secret values of server is able to impersonate a valid user without knowing password and secret values of user. An efficient and secure countermeasure is suggested, then the security is analyzed.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.8B
• /
• pp.730-737
• /
• 2003

In this paper, we present an efficient authentication proxy for IEEE 802.1x systems based on the port-based access control mechanism. An IEEE 802.1x system consists of PC supplicants, a bridge with authentication client functions, and an authentication server. For the network security and user authentication purposes, a supplicant who wants to access Internet should be authorized to access the bridge port using the Extended Authentication Protocol (EAP) over LAN. The frame of EAP over LAN is then relayed to the authentication server by the bridge. After several transactions between the supplicant and the server via the bridge, the supplicant may be either authorized or not. Noting that the transactions between the relaying bridge and the server will be increased as the number of supplicants grows in public networks, we propose a scheme for reducing the transactions by employing an authentication proxy function at the bridge. The proxy is allowed to cache the supplicant's user ID and password during his first transaction with the server. For the next authentication procedure of the same supplicant, the proxy function of the bridge handles the authentication transactions using its cache on behalf of the authentication server. Since the main authentication server handles only the first authentication transaction of each supplicant, the processing load of the server can be reduced. Also, the authentication transaction delay experienced by a supplicant can be decreased compared with the conventional 802.1x system.