• Convergence Security Journal
• /
• v.13 no.2
• /
• pp.45-54
• /
• 2013

Korea Security Association suggested from who Professor An, Hwang Kwon advocated the introduction of a private security guard certification system, and the private security guard certification exam has been conducted seven times since 2005, being authorized by the government. Currently, there are a lot of certified private security guards who have passed the exam. In fact, however, no preference is given to them. In terms of employment, they don't receive any preferential treatment nor are given any extra points. Furthermore, they cannot afford to make use of their certificate. The purpose of this study was to examine the state of utilizing the private security guard certificate among student certificate holders and their awareness of the private security guard system. The findings of the study were as follows: First, it's important to present a vision for certified private security guards, and what equally matters is to make it clear how and where they can show what they can do. Second, it's required to improve the image and reliability of private security guards as professional security guards. Third, candidates for the certification exam should boost their own self-esteem, confidence and professionalism as competent human resources who can make a contribution to society.

• Korean Security Journal
• /
• no.13
• /
• pp.451-470
• /
• 2007

This study is concerned Meaning of the certificate of qualification and Prospect of the certificate of qualification in private security in korea. Now, private security area is need the certificate of qualification, and the first examination in 2006' in Korea has meaning that open the period of the certificate of qualification. The 40 university(include colleges) applied the first examination. This exam is enforced 11. 25. 2006. in six part area in Korea. The 822 students are applied and 763 students(the ratio of successful applicants 92.8%) passed this exam. This apply exam is meaning the start of new development and specialization in private security area. I hope that this exam is a opportunity of cooperation between industry and the academic world. Also, this exam is a opportunity of student in private security are more hard training before take a job. As my understanding this exam is the confirmation by an authority, this exam is only neutral evidence to get the confidence and credit from the clients.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.987-997
• /
• 2018

Blockchain has tamper-free, so many applications are developing to leverage tamper-free features of blockchain. MIT Media Labs proposed BlockCerts, educational certificate blockchain System, to solve problems of legacy certificate verifications. Existing educational certificate blockchain Systems are based on public blockchain such as bitcoin, Ethereum, so any entity can participate educational institute in principal. Moreover, the exisitng educational certricate blockchain system utilizes the integrity of blockchain, but the confidentiality of the educational certificate is not provided. This paper propose a digital certificate system based on private blockchain, name HyperCerts. Therefore, only trusted entity can participate in the private blockchain network, Hyperledger, as the issuer of digital certificate. Furthermore, the practical byzantine fault tolerance is used as consensus algorithm, HyperCerts reduce dramatically the latency of issuing digital certificate and required computing power. HyperCerts stores the hash value of digital certificate into the ledger, so breach of personal information by malicious entity in the private blockchain is protected.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.31-40
• /
• 2014

In Korea, the Public Key Infrastructure (PKI) has been introduced. For secure information transmission and identification, the electronic signature authorization system of a certificate-based is built, and then the service provide.The certificate is stored in location what users can easily access and copy. Thus, there is a risk that can be stolen by malware or web account hacking. In addition, private key passwords can be exposed by the logging tool, after keyboard security features are disabled. Each of these security weaknesses is a potential conduit for identity theft, property/asset theft, and theft of the actual certificates. The present study proposes a method to prevent the private key file access illegally. When a certificate is stored, the private key is encrypted by the dependent element of the device, and it is stored securely. If private key leakage occurs, the retrieved key could not be used on other devices.

• The Journal of the Korea Contents Association
• /
• v.16 no.8
• /
• pp.90-96
• /
• 2016

The 3390 million people, around 83% of the adult population in Korea use smartphone. Although the safety problem of the certificate has been occurred continuously, most of these users use the certificate. These safety issues as a solution to 'The owner of a mobile phone using SMS authentication technology', 'Biometric authentication', etc are being proposed. but, a secure and reliable authentication scheme has not been proposed for replace the certificate yet. and there are many attacks to steal the certificate and private key. For these reasons, security experts recommend to store the certificate and private key on usb flash drive, security tokens, smartphone. but smartphones are easily infected malware, an attacker can steal certificate and private key by malicious code. If an attacker snatchs the certificate, the private key file, and the password for the private key password, he can always act as valid user. In this paper, we proposed a safe way to keep the private key on smartphone using smartphone's unique information and user password. If an attacker knows the user password, the certificate and the private key, he can not know the smart phone's unique information, so it is impossible to use the encrypted private key. Therefore smartphone user use IT service safely.

• Korean Security Journal
• /
• no.59
• /
• pp.71-90
• /
• 2019

As the demand for national security and national safety is gradually increasing in accordance with the trend of the times and social environment, and the use of private areas for effective prevention and supply required for the demand for safety services, this paper analyzed the Japanese private security testing system for the introduction of the Korea security certification system as a way to secure expertise in the private security industry and drew the following conclusion. First, certificate segmentation should be carried out according to the clearly divided field and scope of the expense operation. Second, it is necessary to distinguish the qualification of the private security qualification according to the level. Third, it is necessary to utilize the combined evaluation method through the departmental and practical tests. Fourth, an assessment should be made through the link between departments and practical subjects. Fifth, the diversity of the acquisition methods should be placed to ensure the gainer's accessibility. Finally, the use of professional and visible use of professional personnel should be achieved through benefit assessment for those who are qualified for

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.41-55
• /
• 2007

The certificate is used to confirm and prove the user's identity in online finance and stocks business. A user's public key is stored in the certificate(for e.g., SignCert.der) and the private key, corresponding to public key, is stored in the private key file(for e.g., SignPri.key) after encryption using the password that he/she created for security. In this paper, we show that the certificate, deleted by the commercial certificate software, can be recovered without limitation using the commercial forensic tools. In addition, we explain the problem that the private key encryption password can be detected using the SignCert.der and the SignPri.key in off-line and propose the countermeasure about the problem.

• The KIPS Transactions:PartC
• /
• v.18C no.6
• /
• pp.379-388
• /
• 2011

Ensuring the security of medical records is becoming an increasingly important problem as modern technology is integrated into existing medical services. As a consequence of the adoption of EMR(Electronic Medical Records) in the health care sector, it is becoming more and more common for a health professional to edit and view a patient's record. In order to protect the patient's privacy, a secure authentication model to access the electronic medical records system must be used. A traditional identity based digital certificate for the authenticity of EMR has private key management and key escrow of a user's private key. In order to protect the EMR, The traditional authentication system is based on the digital certificate. The identity based digital certificate has many disadvantages, for example, the private key can be forgotten or stolen, and can be easily escrow of the private key. Nowadays, authentication model using fingerprint recognition technology for EMR has become more prevalent because of the advantages over digital certificate -based authentication model. Because identity-based fingerprint recognition can eliminate disadvantages of identity-based digital certificate, the proposed authentication model provide high security for access control in EMR.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.11-17
• /
• 2018

The number of certificates in Korea is about 32,364(2018.09). There are 252 national technical qualifications, 149 national professional qualifications, 99 public private qualifications, and 31,894 private qualifications. The purpose of this study is to examine the process by which KAITS ISE is created. The course was examined and formalized for 10 years from the establishment of KAITS to the first test. As a result of the research, (1) Preparatory considerations (2) Development of qualifications framework (3) Job analysis and drafting (4) Development of problem banks (5) Design of curriculum (6) Development of verification strategy (7) Execution of verification (8) Revenue plan (9) Expansion of qualification demand (10) Opinion formation. After that, the module of the creativity is studied. It is expected that it will be used as a model for certification development in industry security consulting experts.

• The Journal of the Korea Contents Association
• /
• v.17 no.6
• /
• pp.32-38
• /
• 2017

Despite the opinion that certificate is useless, half of the population in Korea (approx. 35 million) get an certificate, and use it for internet banking, internet shopping, stock trading, and so on. Most users store their certificates on a usb memory or smartphone, and certificates or passwords stored on such storage media can be easily attacked and used to disguise as legitimate users. Due to these security problem of certificate, a various authentication technologies has been proposed such as smartphone owner authentication using SMS, and a personal authentication using biometric authentication. However, a safe technique is not presented yet without user password, and certificate. In this paper, I proposed a method to secure certificate/private key without a user password using a combination of USIM card and smartphone's information. Even if a hacker gets the user password, the certificate, and the private key, he can not use the certificate. User do not need to remember complex password which is a combination of alphabetic / numeric / special characters, and use his certificate safely.