• Journal of Industrial Convergence
• /
• v.21 no.9
• /
• pp.49-56
• /
• 2023

ID is used as identifying information and password as user authentication for ID-based authentication. In order to have a secure user authentication, the password is generated as a hash value on the client and sent to the server, where it is compared with the stored information and authentication is performed. However, if even one character is incorrect, the different hash value is generated, authentication will be failed and cannot be performed and various functions cannot be applied to the password. In this study, we generate several hash value including imaginary number of entered password and transmit to server and perform authentcation. we propose a technique can grants the right differentially to give various rights to the user who have many rights by one account. This can defend shoulder surfing attack by imaginary password and provide convenience to users who have various rights by granting right based on password.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.41-55
• /
• 2005

A group key agreement protocol allows a group of user to share a key which may later be used to achieve certain cryptographic goals. In this paper, we propose a new scalable two-round ID-based group key agreement protocol which would be well fit to a Pay-TV system, additionally. to the fields of internet stock quotes, audio and music deliveries, software updates and the like. Our protocol improves the three round poop key agreement protocol of Nam et al., resulting in upgrading the computational efficiency by using the batch verification technique in pairing-based cryptography. Also our protocol simplifies the key agreement procedures by utilizing ID-based system. We prove the security of our protocol under the Computational Diffie-Hellman assumption and the Bilinear Decisional Diffie-Hellman assumption. Also we analyze its efficiency.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.85-97
• /
• 2022

With the development of big data technology, data is rapidly entering a hyperconnected intelligent society that accelerates innovative growth in all industries. The convergence industry, which holds and utilizes various high-quality data, is becoming a new growth engine, and big data is fused to various traditional industries. In particular, in the medical field, structured data such as electronic medical record data and unstructured medical data such as CT and MRI are used together to increase the accuracy of disease prediction and diagnosis. Currently, the importance and size of unstructured data are increasing day by day in the medical industry, but conventional data security technologies and policies are structured data-oriented, and considerations for the security and utilization of unstructured data are insufficient. In order for medical treatment using big data to be activated in the future, data diversity and security must be internalized and organically linked at the stage of data construction, distribution, and utilization. In this paper, the current status of domestic and foreign data security systems and technologies is analyzed. After that, it is proposed to add unstructured data-centered de-identification technology to the guidelines for unstructured data and technology application cases in the industry so that unstructured data can be actively used in the medical field, and to establish standards for judging personal information for unstructured data. Furthermore, an object feature-based identification ID that can be used for unstructured data without infringing on personal information is proposed.

• Journal of KIISE:Information Networking
• /
• v.30 no.2
• /
• pp.189-198
• /
• 2003

As people are damaged increasingly by personal information leakage, awareness about user privacy infringement is increasing. However, the existing DRM system does not support the protection of user's personal information because it is not necessary for the protection of copyrights. This paper is suggesting a license administration protocol which is more powerful to protect personal information in DRM. To protect the exposure of users identifier, this protocol uses temporary ID and token to guarantee anonymity and it uses a session key by ECDH to cryptography and Public-Key Cryptosystem for a message so that it can protect the exposure of personal information and user's privacy.

• Smart Media Journal
• /
• v.9 no.1
• /
• pp.60-66
• /
• 2020

In this paper, the FIDO (Fast IDentity Online) transaction certification platform was proposed for applying the DID (Decentralized ID) of blockchain with home shopping channels to the IPTV service providers based on the Remocon (Remote Control). In this case, the DID based smart remocon applies biometric identification techniques for personal identification. These individual DID smart remote controls apply distributed ID blockchain, enabling home shopping viewers to conduct reliable ratings surveys through the detection of channel changed information. In addition, this smart remocon utilizes the product purchased information history on home shopping channels, allowing IPTV's home shopping viewers to compare the same broadcasted production information on all channels by blockchain technique and their production characteristics. IPTV service providers can process home shopping order/authorization informations in one-stop service via a number of home shopping broadcasting companies, and DID smart remote controls for home shopping viewers with the checking results of their real-time online access to confirm the FIDO2.0 transaction certification homepage. Thus, the FIDO transaction authentication platforms of IPTV service provider(Telecommunication company) can be expected to improve the benefits of home shopping customers, and to reduce the broadcasting companies' burden of payment, too.

• Journal of Korea Society of Industrial Information Systems
• /
• v.13 no.2
• /
• pp.80-87
• /
• 2008

RFID systems are being studied and developed in the area of the industry and marketplace. Recently RFID systems are core element of the ubiquitous technologies in individual life and industry. However, RFID systems often cause some serious problems such as violation of privacy and information security because their contactless devices communicate each other by radio frequency In this paper, we propose multiple objects RFID tag scheme including tag structure and authentication protocol. The proposed RFID tag structure maintains several object IDs of different applications in a tag memory. The tag structure allows those applications to access object IDs simultaneously. The authentication protocol for multiple objects tag is designed ta overcome the problems of security and privacy. The protocol has robustness against various attacks in low cost RFID systems. We evaluate the efficiency of proposed scheme and compare security of our scheme with several traditional schemes.

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.1113-1116
• /
• 2005

최근들어 Radio Frequency Identification(RFID) 태그가 다수의 상품에 부착되고 여러 분야에 적용되기 시작했지만, 편리성이나 비용문제로 인해 인증과 암호화 같은 보안기능은 적용되지 않고있다. 보안 기능이 없는 RFID 시스템은 개인정보 노출, 불법 리더의 접근, 위조 태그의 남용과 같은 심각한 부작용을 초래하지만, 태그 자원의 제약으로 인해 보안기능을 적용하기가 쉽지않다. 현재 여러 기술을 따르는 RFID 시스템 중 EPCglobal 의 EPC Class 1 Generation 2(C1G2) 는 산업계의 여러 분야에서 특히, supply-chain 모델에서 사실상 국제표준으로 여겨진다. 본 논문에서는, RFID 보안 프로토콜 중 EPC C1G2 메커니즘의 Inventory 과정에서 태그가 리더를 인증하는 기법을 제안한다. C1G2 시스템에서는 인증되지 않은 리더의 태그 액세스가 가능한데, 이는 태그의 리더 인증으로서 차단될 수 있다. 또한, EPC C1G2 태그-리더 간의 상호인증 기법을 제안한다. 이 과정에서 태그 ID 는 노출되지 않고 전송되며, 태그 인증을 통해 태그 위변조를 방지할 수도 있다. 제안 메커니즘은 태그를 식별하는 절차에서 인증을 위해 프로토콜 패스 수의 증가가 없다. 다만 리더와 태그에서 Inventory 과정의 ACK command 와 태그의 reply 구현에 약간의 수정을 필요로 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.637-638
• /
• 2009

디지털 ID는 온라인 환경에서 사용자를 식별하기 위한 수단으로 사용되고 있다. 하지만 온라인상에 저장된 개인정보 노출뿐만 아니라 신원도용에 따른 사용자의 프라이버시 침해 및 금전적 피해 등으로 이어질 수 있어 이에 대한 관심과 중요성이 높아지고 있다. 따라서 본 논문에서는 전자적인 수단을 통해 정보 시스템에 제시되는 사용자 신원을 확인하는 전자 인증 과정과 신원 인증에 대한 보증 레별별 요구사항을 마련하고 있는 NIST SP 800-63을 분석하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1117-1132
• /
• 2019

Recently, IT technology such as internet, mobile, and IOT has rapidly developed, making it easy to collect data necessary for business, and the collected data is analyzed as a new method of big data analysis and used appropriately for business. In this way, data collection and analysis becomes easy. In such data, personal information including an identifier such as a sensor id, a device number, IP address, or the like may be collected. However, if systematic management is not accompanied by collecting and disposing of large-scale data, violation of relevant laws such as "Personal Data Protection Act". Furthermore, data quality problems can also occur and make incorrect decisions. In this paper, we propose a new data governance maturity model(DGMM) that can identify the personal data contained in the data collected by companies, use it appropriately for the business, protect it, and secure quality. And we also propose a over all implementation process for DG Program.

• Convergence Security Journal
• /
• v.11 no.5
• /
• pp.99-108
• /
• 2011

The purpose of this study is to profile actual conditions of personal information protection systems operated in overseas countries and examine major considerations of personal information that security service providers must know in the capacity of privacy information processor, so that it may contribute to preventing potential occurrence of any legal disputes in advance. Particularly, this study further seeks to describe fundamental idea and principle of said Personal Information Protection Act; enhancement of various safety measures (e.g. collection / use of privacy data, processing of sensitive information / personal ID information, and encryption of privacy information); restrictions on installation / operation of video data processing devices; and penal regulations as a means of countermeasure against leakage of personal information, while proposing possible solutions to cope with these matters. Using cases among foreign countries for this study. Possible solutions proposed by this study can be summed up as follows: By changing minds with sufficient legal reviews, it is required for security service providers to 1) clearly and further specify any purposes of collecting and using privacy information, if possible, 2) obtain any privacy information by legitimate means as it is necessary to collect such information, 3) stop providing any personal information for the 3rd parties or for any other purposes except fundamental purposes of using privacy information, and 4) have full knowledge about duty of safety measure in accordance with safe maintenance of privacy information and protect any personal information from unwanted or intentional leakage to others.