• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.479-490
• /
• 2013

Recently, the number of attacks by malicious application has significantly increased, targeting Android-platform mobile terminal such as Samsung Galaxy Note and Galaxy Tab 10.1. The malicious application can be distributed to currently used mobile devices through open market masquerading as an normal application. An attacker inserts malicious code into an application, which might threaten privacy by rooting attack. Once the rooting attack is successful, malicious code can collect and steal private data stored in mobile terminal, for example, SMS messages, contacts list, and public key certificate for banking. To protect the private information from the malicious attack, malicious code detection, rooting attack detection and countermeasure method are required. To meet this end, this paper investigates rooting attack mechanism for Android-platform mobile terminal. Based on that, this paper proposes countermeasure system that enables to extract and collect events related to attacks occurring from mobile terminal, which contributes to active protection from malicious attacks.

• Proceedings of the CALSEC Conference
• /
• 2004.02a
• /
• pp.65-72
• /
• 2004

The Internet is a social and economic foundation, apparently destined for human communication and interaction. It is supposed to allow for more interactive and innovative ways for people to do what they do in 'real lift'. There is no shilly-shallying to say that at present, Internet has become a commanding and useful tool for empowerment and income making in developing countries. It is very difficult to say that at present internet has turned into a popular and useful thing among the Bangladeshi people like students, doctors, engineers, businessmen, researchers as well as politician who are being logged into the internet for getting information what they want. Though the Internet was invented in 1970 but it came late in Bangladesh through UUCPs (Unix-to-Unix copy) email connectivity in 1993 and IP connectivity in 1996. Having launched Internet, on June 1996 National polls result were broadcast through the using of World Wide Web (WWW) that was the first ever practice trial in Bangladesh. On June 1996, the government has approved to allow VSAT (Very Small Aperture Terminal) in the country's private sector to operate as Internet Service Provider (ISPs). At the end of year, there were only two ISPs in the country and number of users near about one thousand only. But next year in 1997, the total number of ISPs was more than a dozen and the clientele growth was ten times higher than that of the previous year. From then, the number of Internet users and ISPs are increasing significantly in Bangladesh. About 40 ISP are providing internet service among as many as 3, 20,000 users at present out of almost 130 license holder ISP provider but among the ISPs, most of the ISPs are placed in Dhaka and few are working in Comilla, Sylhet, Rajshahi, Chittagong and Khulna. It should be mention that currently, broadband internet (Radio, Cable) connection is working side by side dial -up connection where broadband accounts 10,000. This paper will have a comprehensive discussion on the current situations of Internet and some of the contemporary issues in the matter concerned.

• Journal of Internet Computing and Services
• /
• v.14 no.3
• /
• pp.35-46
• /
• 2013

As mobile terminal environment gets matured, the use of Android platform based mobile terminals has been growing high. Recently, the number of attacks by malicious application is also increasing as Android platform is vulnerable to private information leakage in nature. Most of these malicious applications are easily distributed to general users through open market or internet and an attacker inserts malicious code into malicious app which could be harmful tool to steal private data and banking data such as SMS, contacts list, and public key certificate to a remote server. To cope with these security threats more actively, it is necessary to develop countermeasure system that enables to detect security vulnerability existing in mobile device and take an appropriate action to protect the system against malicious attacks. In this sense, this paper aggregates diverse system events from multiple mobile devices and also implements a system to detect attacks by malicious application.

• Convergence Security Journal
• /
• v.10 no.4
• /
• pp.69-76
• /
• 2010

public certification is some kind of electric ID which can prove the valid user, based on open KEY. usually it had been used in the field of government complaint, e-commerce, financial. but recently it expands the its use range through computerization of work process of diversity fields such as e-sports, property, medical industry. because of this reason, importance for user certificate process is gradually rose. The purpose of this paper is looking at the method for user certification of public certificates and draw a way for enforce the user certification process by Vulnerability Analysis. To draw the alternative we study the Authentication Principle and policy structure of public certification system by researching references, has drew the limitation for policy of certification. we provide the guideline to enforce the user certification through conclusion which has been drew from previous step.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.3
• /
• pp.1439-1444
• /
• 2013

Recently, as the use of the applications like online banking and stock trading is increasing by the rapid development of the network, security of data content is becoming more and more important. Accordingly, public key or symmetric key encryption algorithm is widely used in open networks such as the internet for the protection of data. Generally, public key cryptographic systems is based on two famous number theoretic problems namely factoring or discrete logarithm problem. So, public key cryptographic systems is relatively slow compared to symmetric key cryptography systems. Among public key cryptographic systems, the advantage of ECC compared to RSA is that it offers equal security for a far smaller key. For this reason, ECC is faster than RSA. In this paper, we propose a efficient key generation method for elliptic curve cryptography system based on the real number field.

• Journal of the Korea Convergence Society
• /
• v.12 no.12
• /
• pp.223-233
• /
• 2021

MyData industry became possible with the revision of the three data-related bills on August 2020, and from February 2021, each individual can make MyData financial service through the app provided by MyData providers. In this study, in order to understand the user experience trend of MyData-based financial asset management apps in the user-centered financial service era, the usability evaluation of 11 apps from 8 MyData providers was conducted for 300 adults, then average value comparison, radial graph analysis, and heatmap analysis were conducted. In app design preference, asset list type was the most preferred type, followed by asset comparison·list type. As for the expected perception of the future benefits that can be enjoyed through My Data, 'diversification of convenient services' was the highest at 45.3%, and as a negative factor felt by users, personal information-related factors were the highest at 71.4%. The results of this study can be used as basic data for the development and improvement of user interfaces for MyData platforms.

• Korea Trade Review
• /
• v.48 no.3
• /
• pp.23-41
• /
• 2023

The seller and the buyer write down the agreed details in the trade contract as trade contract clauses. In the case where a letter of credit is agreed to be the payment condition, the buyer shall open a letter of credit to the seller with the shipping date specified in the trade contract through its bank. In this case, the legal relationship between the performance date of the trade contract and the shipment date of the letter of credit, the change of the performance date of the trade contract due to the change of the trade contract and the change of the shipment date specified in the letter of credit, the seller's letter of credit A problem arises in the legal interpretation of the approval period and the change request period. Therefore, this paper analyzed the precedents of the Seongnam Branch of the Suwon District Court and the Seoul High Court related to these legal issues. The performance date of a trade contract is the seller's delivery date and the buyer's payment date. In the letter of credit transaction, the date of performance of the trade contract is regarded as the date of shipment and the date of negotiation of documents specified in the letter of credit. The seller must decide whether to accept the letter of credit within 5 banking days after receiving the letter of credit from the buyer. After this period has elapsed, the seller cannot refuse the letter of credit. However, if the buyer is unable to decide whether to accept the letter of credit within 5 banking days due to reasons attributable to the buyer, the delivery date specified in the letter of credit will be extended. If the seller requests an amendment to the letter of credit, the buyer must accept it and open the letter of credit the seller desires to the seller. If the buyer refuses the seller's request to change the letter of credit, company A has the obligation to change and reopen the letter of credit as requested by company B. Expect by agreeing on the quotation As it is a fundamental breach of contract stipulated in Article 25 of the United Nations Convention on Contracts for the International Sale of Goods, company B can cancel the trade contract and claim damages from company A. Compensation for damages caused by Company A's breach of the trade contract shall be an amount equal to the loss suffered by Company B as a result of the breach, including loss of profits.

• Journal of the Korean Society for information Management
• /
• v.19 no.1
• /
• pp.23-46
• /
• 2002

With explosively increasing digital contents, library and Information center should have a new role between knowledge providers and knowledge users as information brokering organization. Electronic transaction system should be required for performing this brokering service since economic value is added to information and knowledge in information society. The developments and changes around library are keeping up with increasing building digital library and digitalizing printed sources. With the rapidly changing circumstances, the Internet is currently witnessing an explosive growth. By serving as a virtual information resource. the Internet can dramatically change the way business is conducted and Information is provided. However because of features o( the Internet like openness and information sharing, it has fundamental vulnerabilities in security issues. For Instance, disclosure of private information and line eavesdropping such as password, banking account, transaction data on network and so on are primary obstruction factors to activation of digital contents delivery on network. For high network security and authentication, this paper looks at smart card technologies and proposes multi-authentication protocol based on smart card on open network, implements and analyzes it.

• KDI Journal of Economic Policy
• /
• v.14 no.1
• /
• pp.191-212
• /
• 1992

This paper discusses the role of money in the process of capital accumulation where financial markets are impeded by contract enforcement problems in the context of overlapping generations framework. In particular, in less developed countries (LDCs) creditors may know little about the repayment capability of potential debtors due to incomplete information so that financial instruments other than money may not acceptable to them. In this paper the impediments to the operation of the private finanical markets are explicitly modelled. We argue that creditors cannot observe actual investment decisions made by the potential borrowers, and as a result, loan contracts may not be fully enforceable. Therefore, a laissez-faire regime may fail to provide the economy with the appropriate financial instruments. Under these circumstances, we introduce a government operated discount window (DW) that acts as an open market buyer of private debt. This theoretical structure represents the practice of governments of many LDCs to provide loans (typically at subsidized interest rates) to preferred borrowers either directly or indirectly through the commercial banking system. It is shown that the DW can substantially overcome impediments to trade which are caused by the credit market failure. An appropriate supply of the DW loan enables producers to purchase the resources they cannot obtain through direct transactions in the credit market. This result obtains even if the DW is subject to the same enforcement constraint that is responsible for the market failure. Thus, the DW intervention implies higher investment and output. However, the operation of the DW may cause inflation. Furthermore, the provision of cheap loans through the DW results in a worse income distribution. Therefore, there is room for welfare enhancing schemes that utilize the higher output to develop. We demonstrate that adequate lump sum taxes-cum-transfers along with the operation of the DW can support an allocation that is Pareto superior to the laissez-faire equilibrium allocation.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.19
• /
• pp.224-242
• /
• 2003

The author believes that the main task of study in international trade usage and practice is the management of transactional risks involved in international sale of goods. They are foreign exchange risks, transportation risks, credit risk, risk of miscommunication, etc. In most cases, these risks are more serious and enormous than those involved in domestic sales. Historically, the merchant adventurers organized the voyage abroad, secured trade finance, and went around the ocean with their own or consigned cargo until around the $mid-19^{th}$ century. They did business faceto-face at the trade fair or the open port where they maintained the local offices, so-called "Trading House"(商館). Thererfore, the transactional risks might have been one-sided either with the seller or the buyer. The bottomry seemed a typical arrangement for risk sharing among the interested parties to the adventure. In this way, such organizational arrangements coped with or bore the transactional risks. With the advent of ocean liner services and wireless communication across the national border in the $19^{th}$ century, the business of merchant adventurers developed toward the clear division of labor; sales by mercantile agents, and ocean transportation by the steam ship companies. The international banking helped the process to be accelerated. Then, bills of lading backed up by the statute made it possible to conduct documentary sales with a foreign partner in different country. Thus, FOB terms including ocean freight and CIF terms emerged gradually as standard trade terms in which transactional risks were allocated through negotiation between the seller and the buyer located in different countries. Both of them did not have to go abroad with their cargo. Instead, documentation in compliance with the terms of the contract(plus an L/C in some cases) must by 'strictly' fulfilled. In other words, the set of contractual documents must be tendered in advance of the arrival of the goods at port of discharge. Trust or reliance is placed on such contractual paper documents. However, the container transport services introduced as international intermodal transport since the late 1960s frequently caused the earlier arrival of the goods at the destination before the presentation of the set of paper documents, which may take 5 to 10% of the amount of transaction. In addition, the size of the container vessel required the speedy transport documentation before sailing from the port of loading. In these circumstances, computerized processing of transport related documents became essential for inexpensive transaction cost and uninterrupted distribution of the goods. Such computerization does not stop at the phase of transportation but extends to cover the whole process of international trade, transforming the documentary sales into less-paper trade and further into paperless trade, i.e., EDI or E-Commerce. Now we face the other side of the coin, which is data security and paperless transfer of legal rights and obligations. Unfortunately, these issues are not effectively covered by a set of contracts only. Obviously, EDI or E-Commerce is based on the common business process and harmonized system of various data codes as well as the standard message formats. This essential feature of E-Commerce needs effective coordination of different divisions of business and tight control over credit arrangements in addition to the standard contract of sales. In a few word, information does not alway invite "trust". Credit flows from people, or close organizational tie-ups. It is our common understanding that, without well-orchestrated organizational arrangements made by leading companies, E-Commerce does not work well for paperless trade. With such arrangements well in place, participating E-business members do not need to seriously care for credit risk. Finally, it is also clear that E-International Commerce must be linked up with a set of government EDIs such as NACCS, Port EDI, JETRAS, etc, in Japan. Therefore, there is still a long way before us to go for E-Commerce in practice, not on the top of information manager's desk.