• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.47-61
• /
• 2006

In the Internet era, enterprises want to use personal information of their own or other enterprises' subscribers, and even provide it to other enterprises for their profit. In this paper, a privacy authorization system for personal information based on privacy policies of users and enterprises is designed and implemented. Privacy policies of users and enterprises are described in XACML. Also, components of policy in XACML 2.0 such as Purpose, Obligation are suitable for expressing privacy policy. A prototype of privacy authorization system is implemented by modifying and extending the SUNXACML 1.2, a Sun's implementation of XACML 1.0 and some features of XACML 2.0, and GUI tools for composing and verifying are also developed.

• International Journal of Contents
• /
• v.6 no.3
• /
• pp.15-18
• /
• 2010

Grid system is based on the Grid Security Infrastructure (GSI). GSI uses user's proxy to guarantee availability among multi-trust domains. Since grid system has been developed focusing on availability, GSI provides authentication and authorization performed by systems, but there are lacks of privacy consideration. For this reason, some researchers decide to use their own cluster system and do not want to use public grid systems. In this paper, we introduce a new privacy enhanced security mechanism for grid systems. With this mechanism, user can participate in resource allocation and authorization to user's contents more actively. This mechanism does not need to change previous middleware and minimize the computational overheads.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.10B
• /
• pp.648-659
• /
• 2005

One's identity on the Internet has been disclosed and abused without his consent. Personal information must be protected by appropriate security safeguard. An Individual should have the right to know whether his personal details have been collected and stored. This paper proposes various conceptual models for designing privacy enabling service architecture in the Internet identity management system. For the restriction of access to personal information, we introduce the owner's policy and the management policy The owner's policy should provide the user with enough information to manage easily and securely his data. To control precisely and effectively all personal information in the Identity provider, we propose the privacy management policy and the privacy authorization model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.4
• /
• pp.11-26
• /
• 2011

The existing anonymous authentication schemes based on group signatures for protecting privacy do not provide anonymous authorization which is required in the practical environments. In this paper, we propose an anonymous authentication and authorization scheme that enables a service provider both to authenticate anonymously its users and to provide different service according to their authorization. In the proposed scheme, a user's real identity, anonymity and authorization are managed distinctly through the separation of group manager's capabilities and an authorization authority. It is also possible for the proposed scheme to apply various access control models.

• Convergence Security Journal
• /
• v.8 no.1
• /
• pp.79-90
• /
• 2008

Services over SIP protocol are anticipated to be commonly used services in our usual life. Especially, presence is a new feature in SIP-based services and actually entities' presence information has close relationship with privacy of them. Also, the XCAP-based authorization is accepted as a highly probable method to protect privacy of entities in SIP-based services. However, there is no proposed presence service model except IM service and it's hard to find the reference model that shows a way how we can apply XCAP-based authorization method into presence service. In this paper, we proposed new presence service model which is applicable to the VoIP service. We suggested presence service model which is making use of XCAP-based authorization to get protection of privacy in a organized way and the suggested model's each messaging steps were reviewed using concrete examples. Contributions of this work is in the suggestion of privacy-aware presence service using XCAP-based authorization and its verification of its each messaging step.

• Proceedings of the IEEK Conference
• /
• summer
• /
• pp.355-360
• /
• 2004

With the growing acceptance of XML technologies, XML will be the most common tool for all data manipulation and data transmission. Meeting security requirements for privacy, confidentiality and integrity is essential in order to move business online and it is important for security to be integrated with XML solutions. Many policies require certain conditions to be satisfied and actions to be performed before or after a decision is made. Binary yes/no decision to an access request is not enough for many applications. These issues were addressed and formalized as provisions and obligations by Betti et Al. In this paper, we propose an authorization model with provisions and obligations in XML. We introduce a formal definition of authorization policy and the issues involving obligation discussed by Betti et Al. We use the formal model as a basis to develop an authorization model in XML. We develop DTDs in XML for main components such as authorization request, authorization policy and authorization decision. We plan to develop an authorization system using the model proposed.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.3C
• /
• pp.293-298
• /
• 2008

Recently, with the development of mobile techniques and the consideration to conveniency of using, the research on Mobile RFID Reader technique is getting more and more attentions. Until now, all security authentication algorithms of RFID are algorithms about range between Tag and Reader. The range between Reader and backend DB is composed by wired networks, so it's supposed to be secure range. But it must be taken account of the problem of information security and privacy in wireless range during the design of Mobile RFID Reader. In this paper we design an blind signature scheme based on weil-paring finite group's ECC encryption scheme, and by using this blind signature we propose the anonymous authorization scheme to Mobile RFID Reader's users.

• Journal of KIISE:Databases
• /
• v.31 no.6
• /
• pp.684-698
• /
• 2004

The Hippocratic database model recently proposed by Agrawal et al. incorporates privacy protection capabilities into relational databases. Since the Hippocratic database is based on the relational database, it needs extensions to be adapted for XML databases. In this paper, we propose the Hippocratic XML database model, an extension of the Hippocratic database model for XML databases and present an efficient access control mechanism under this model. In contrast to relational data, XML data have tree-like hierarchies. Thus, in order to manage these hierarchies of XML data, we extend and formally define such concepts presented in the Hippocratic database model as privacy preferences, privacy policies, privacy authorizations, and usage purposes of data records. Next, we present a new mechanism, which we call the authorization index, that is used in the access control mechanism. This authorization index, which is Implemented using a multi-dimensional index, allows us to efficiently search authorizations implied by the authorization granted on the nearest ancestor using the nearest neighbor search technique. Using synthetic and real data, we have performed extensive experiments comparing query processing time with those of existing access control mechanisms. The results show that the proposed access control mechanism improves the wall clock time by up to 13.6 times over the top-down access control strategy and by up to 20.3 times over the bottom-up access control strategy The major contributions of our paper are 1) extending the Hippocratic database model into the Hippocratic XML database model and 2) proposing an efficient across control mechanism that uses the authorization index and nearest neighbor search technique under this model.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.4 s.304
• /
• pp.25-32
• /
• 2005

The spread of mobile devices, PDAs and sensors has enabled the construction of ubiquitous computing environments, transforming regular physical spaces into 'Smart space' augmented with intelligence and enhanced with services. However, the deployment of this computing paradigm in real-life is disturbed by poor security, particularly, the lack of proper authentication and authorization techniques. Also, it is very important not only to find security measures but also to preserve user privacy in ubiquitous computing environments. In this Paper, we propose efficient user authentication and authorization model with anonymity for the privacy-preserving for ubiquitous computing environments. Our model is suitable for distributed environments with the computational constrained devices by using MAC-based anonymous certificate and security association token instead of using Public key encryption technique. And our Proposed Protocol is better than Kerberos system in sense of cryptographic computation processing.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.437-454
• /
• 2020

According to the privacy regulations of the health insurance portability and accountability act (HIPAA), patients' control over electronic health data is one of the major concern issues. Currently, remote access authorization is considered as the best solution to guarantee the patients' control over their health data. In this paper, a new biometric-based key management scheme is proposed to facilitate remote access authorization anytime and anywhere. First, patients and doctors can use their biometric information to verify the authenticity of communication partners through real-time video communication technology. Second, a safety channel is provided in delivering their access authorization and secret data between patient and doctor. In the designed scheme, the user's public key is authenticated by the corresponding biometric information without the help of public key infrastructure (PKI). Therefore, our proposed scheme does not have the costs of certificate storage, certificate delivery, and certificate revocation. In addition, the implementation time of our proposed system can be significantly reduced.