• Journal of KIISE:Information Networking
• /
• v.29 no.5
• /
• pp.482-494
• /
• 2002

In E-mail based accounting system, the remitter does not have need to find collector's account number. To transfer money to a collector's account, what remitter need is just a collector's E-mail address. But the current E-mail based accounting systems are built on SSL technology. Basically SSL provides some security services - confidentiality, user authentication and data integrity, but does not provide non-repudiation. So, in the current E-mail based accounting system, it is possible to deny transaction. And there is no receipt of transaction. In this paper, we design and implementation of a S/MIME applied Secure Payment Mechanism. In our system, every account information - account number, receiver name, amount of money, etc. - is included in a 'check' message. And this message is protected under the Secure Web-mail using S/MIME. In a view point of the convenience, users using our system do not have need to find collector's account number. And in a view point of the security, our system provides confidentiality, user authentication, data integrity and non-repudiation. Moreover our system provides a receipt.

• Journal of Korea Society of Industrial Information Systems
• /
• v.10 no.2
• /
• pp.67-75
• /
• 2005

In this paper, we design and implement real time IP security packet analyzer on IPv4 and IPv6 network. This packet analyzer sniffs and analyzes the packets generated by the protocols that are used by IPsec, IKE, IPv4 and IPv6 such as AH, ESP, ISAKMP, IP, ICMP and so on. The purpose of this analyzer is to check current security status of the network automatically. In this paper we provide implementation details and the examples of security evaluation by using our security packet analyzer system.

• Journal of Multimedia Information System
• /
• v.8 no.1
• /
• pp.35-44
• /
• 2021

The Myanmar rice cycle's existing system is still relying on a third party to manage every rice data information from several organizations. It is inconvenient to supervise simultaneously due to the unreliability of information provided by organizations. Thus, the rice cycle's original data is challenging to be utterly trusted since irresponsible parties can manipulate the current state of information. Moreover, the applied system does not preserve a proper incentive for the involved parties. In this paper, we leverage the Ethereum blockchain to be adopted to tackle the aforementioned issues. The main objective is to build trust between parties in the Myanmar rice cycle system. Our proposed scheme allows customers to check and trace information about the rice cycle information without worrying about the integrity of the data. Furthermore, the authorized parties are also rewarded by the government through Ethereum smart contract features. Eventually, our scheme achieves traceability in the rice chain system and leads to the complete digitization and automation of the rice cycle information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1489-1497
• /
• 2018

Web application services have diversified. At the same time, research on intrusion detection is continuing due to the surge of cyber threats. Also, As a single-defense system evolves into multi-level security, we are responding to specific intrusions by correlating security events that have become vast. However, it is difficult to check the OS, service, web application type and version of the target system in real time, and intrusion detection events occurring in network-based security devices can not confirm vulnerability of the target system and success of the attack A blind spot can occur for threats that are not analyzed for problems and associativity. In this paper, we propose the validation of effectiveness for intrusion detection events using TF-IDF. The proposed scheme extracts the response traffics by mapping the response of the target system corresponding to the attack. Then, Response traffics are divided into lines and weights each line with an TF-IDF weight. we checked the valid intrusion detection events by sequentially examining the lines with high weights.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.67-70
• /
• 2014

Last was the main issue of financial security in the future will be more emphasis on security. Such as March 20, 2013 Computational crisis, June 25 Cyber terrorism information to credit card companies and customers due to carrier spill in Financial computational security measures 'released in 2014 and the financial authorities' customer information leakage prevention measures "were published the efforts to protect customers' information assets and ensure the stability of the financial transactions carried out by financial institutions protected status check "the information annually authorities This study business operations for the protection of information technology services for IT systems security equipment, data security operating services, security management services operations, operational management of IT systems security requirements from the point to the need for information security, IT systems administrator it would be great help.

• Journal of Korea Multimedia Society
• /
• v.23 no.5
• /
• pp.658-666
• /
• 2020

PGP is an encryption software designed to provide information protection, security and authentication services for online communication systems. The characteristic of behavior done on the Internet is that you don't know the other person. It is very important to protect information from someone you cannot trust. So identification of the other person is an important task. PGP uses an digital signature algorithm to verify the identity of the other party. However, it is not accurate to check the other party's credibility. PGP increases trust as other users sign more on public keys of user. In other words, credibility is not perfect. In this paper, PGP certification system that key management in Ethereum blockchain, one of the blockchain platforms, is proposed. Key management in blockchain ensures data integrity, transparency and reliability.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.11
• /
• pp.125-136
• /
• 2013

In this paper, we proposed SSL VPN-based network access control technology which can verify user authentication and integrity of user terminal. Using this technology, user can carry out a safety test to check security services such as security patch and virus vaccine for user authentication and user terminal, during the VPN-based access to an internal network. Moreover, this system protects a system from external security threats, by detecting malicious codes, based on behavioral patterns from user terminal's window API information, and comparing the similarity of sequential patterns to improve the reliability of detection.

• Journal of Service Research and Studies
• /
• v.5 no.2
• /
• pp.93-101
• /
• 2015

Today, various access security technology appeared in this society as a result of the informatization and automation. Most building, floor, or door security certification system for the office units are installed, but there are many inconvenient matters. In order to minimises this, we used the face recognition function via the camera, and various sensors. In this paper, I designed the access security system through physical computing which Arduino offered, facial recognition program, and Twitter. Check that the personal information stored in the individual RFID tag is matched to the personal information stored on the existing server. Face recognition program input the face using a camera, and allow to confirm the identity. The system's abnormal or when the unauthenticated person is to penetrate, the system transmits the Twitter status message to the manager. It was designed continuously to monitor the status in real time in this way.

• Korean Security Journal
• /
• no.33
• /
• pp.197-228
• /
• 2012

The private security industry in Korea has rapidly proliferated. While the industry has grown quickly, though, private security officers have recently been implicated in incidents involving violence, demonstrating an urgent need for systematic reform and regulation of private security practices in Korea. Due to its quasi-public service character, the industry also risks losing the public's favor if it is not quickly disciplined and brought under legitimate government regulation: the industry needs professional standards for conduct and qualification for employment of security officers. This paper shares insights for the reform of the Korean private security industry through a study of the licensing and training requirements for private security businesses in the United States, mainly focusing on the Private Security Officer Employment Authorization Act (hereinafter the PSOEAA) and the California system. According to the PSOEAA, aspiring security officers shall submit to a criminal background check (a check of the applicants' criminal records). Applicants' criminal records should include not only felony convictions but also any other moral turpitude offenses (involving dishonesty, false statement, and information on pending cases). The PSOEAA also allows businesses to do background checks of their employees every twelve months, enabling the employers to make sure that their employees remain qualified for their security jobs during their employment. It also must be mentioned that the state of California, for effective management of its private security sector, has established a professional government authority, the Bureau of Security and Investigative Services, a tacit recognition that the private security industry needs to be thoroughly, professionally, and actively managed by a professional government authority. The American system provides a workable model for the Korean private security industry. First, this paper argues that the Korean private security industry should implement a more strict criminal background check system similar to that required by the PSOEAA. Second, it recommends that an independent professional government authority be established to oversee and enforce regulation of Korea's private security industry. Finally, this article suggests that education and training course be implemented to provide both diverse training as well as specialization and phasing.

• The Journal of Korean Association of Computer Education
• /
• v.15 no.2
• /
• pp.75-81
• /
• 2012

As the number of web users is increasing, the leakage of personal information is increasing. If some personal information is leaked, the victim can suffer from material damage or mental damage at the same time. Most of the leakages are result from the people who works for the personal information by accident or design. Hence, the Ministry of Public Administration and Security proposeed the measuring index and enumerates the details. The index is used in a system to check protection of a personal information. However, because this system is used to evaluate after the leakage, it cannot be used to construct some security system or programming a security system. To solve this problem, it needs to express the diversity of items and be able to count what assessors want to count. Thus, a summary sheet which displays the result of the tool will be presented in a radial form graph. Details will be presented as a bar graph. Therefore, it will be proposed that the tool can grasp the weak point and propose the direction of security.