• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.141-151
• /
• 2004

According to the improvemnent of electronic commerce, the requirements of security devices are becoming increasingly pervasive. The security API must design easily and securely to support a compatibility feature between security devices. It is chosen the PKCS #11 interface by RSA Labs that shows the compatibility and extensibility standards of many application product and implementation, and supported KCDSA mechanism which is a korean digital signature standard. And the PKCS #11 security API defines new key management function which provides more secure key management ability. We suggest the object attributes and templates of KCDSA private and public key object, generate and verify digital signature using KCDSA mechanism. The PKCS #11 supporting KCDSA mechanism is designed, implemented using C-Language, tested a performance, and analyzed the security and compatibiltiy feature.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.281-286
• /
• 2003

Nowadays, a patient's private medical data which is exposed to the outside world has a severe effect on not only the patient's private life but also his/her social activities and environment. So, it is important to securely protect the patient's private medical data from the illegal manipulation. This paper studies the method to store the electronic prescription information in an IC card. For that, an access control for users, such as a doctor, a nurse, a medical institute member, a pharmacy, a pharmacist, or a patient, is proposed to access the data stored in an IC card. The certificate is issued using the Crypto API of a certificate management model supported by Windows 2000. The public/private key is created by the Cryptographic Service Provider program, and the electronic prescription is signed using the digital signature. The proposed system, therefore, can improve the quality of medical services by securing the safety and integrity of the electronic prescription, stored in an IC card.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.551-558
• /
• 2016

The recent convergence in ICT industry has created new businesses as well as other opportunities. However, it entails new convergence threat accompanied by security risks. Even though there are security professionals who are dealing with the situation, there is not enough human resource in risk management. Moreover, the amount of research that studies quality of education and training security personnel is not sufficient. This paper explores the curriculum of information security education in the private sector and reasons out fifteen standard curriculums in four professional fields categorized by job classification. In addition, it provides a weighted score table based on the evaluation indicator for the effective security education certificates in the private sector.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.10
• /
• pp.2862-2882
• /
• 2023

With the development of networking technology, it has become common to use various types of network services to replace physical ones. Among all such services, electronic voting is one example that tends to be popularized in many countries. However, due to certain concerns regarding information security, traditional paper voting mechanisms are still widely adopted in large-scale elections. This study utilizes blockchain technology to design a novel electronic voting mechanism. Relying on the transparency, decentralization, and verifiability of the blockchain, it becomes possible to remove the reliance on trusted third parties and also to enhance the level of trust of voters in the mechanism. Besides, the mechanism of blind signature with its complexity as difficult as solving an elliptic curve discrete logarithmic problem is adopted to strengthen the features related to the security of electronic voting. Last but not least, the mechanism of self-certification is incorporated to substitute the centralized certificate authority. Therefore, the voters can generate the public/private keys by themselves to mitigate the possible risks of impersonation by the certificate authority (i.e., a trusted third party). The BAN logic analysis and the investigation for several key security features are conducted to verify that such a design is sufficiently secure. Since it is expected to raise the level of trust of voters in electronic voting, extra costs for re-verifying the results due to distrust will therefore be reduced.

• Korean Security Journal
• /
• no.9
• /
• pp.69-98
• /
• 2005

The security industry for civilians (Private Security), was first introduced to Korea via the US army's security system in the early 1960's. Shortly after then, official police laws were enforced in 1973, and private security finally started to develop with the passing of the 'service security industry' law in 1976. Korea's Private Security industry grew rapidly in the 1980's with the support of foreign funds and products, and now there are thought to be approximately 2000 private security enterprises currently running in Korea. However, nowadays the majority of these enterprises are experiencing difficulties such as lack of funds, insufficient management, and lack of control over employees, as a result, it seems difficult for some enterprises to avoid the low production output and bankruptcy. As a result of this these enterprises often settle these matters illegally, such as excessive dumping or avoiding problems by hiring inappropriate employees who don't have the right skills or qualifications for the jobs. The main problem with the establishment of this kind of security service is that it is so easy to make inroads into this private service market. All these hindering factors inhibit the market growth and impede qualitative development. Based on these main reasons, I researched this area, and will analyze and criticize the present condition of Korea's private security. I will present a possible development plan for the private security of Korea by referring to cases from the US and Japan. My method of researching was to investigate any related documentary records and articles and to interview people for necessary evidence. The theoretical study, involves investigation books and dissertations which are published from inside and outside of the country, and studying the complete collection of laws and regulations, internet data, various study reports, and the documentary records and the statistical data of many institutions such as the National Police Office, judicial training institute, and the enterprises of private security. Also, in addition, the contents of professionals who are in charge of practical affairs on the spot in order to overcomes the critical points of documentary records when investigating dissertation. I tried to get a firm grasp of the problems and difficulties which people in these work enterprises experience, this I thought would be most effective by interviewing the workers, for example: how they feel in the work places and what are the elements which inpede development? And I also interviewed policemen who are in charge of supervising the private escort enterprises, in an effort to figure out the problems and differences in opinion between domestic private security service and the police. From this investigation and research I will try to pin point the major problems of the private security and present a developmental plan. Firstly-Companies should unify the private police law and private security service law. Secondly-It is essential to introduce the 'specialty certificate' system for the quality improvement of private security service. Thirdly-must open up a new private security market by improving old system. Fourth-must build up the competitive power of the security service enterprises which is based on an efficient management. Fifth-needs special marketing strategy to hold customers Sixth-needs positive research based on theoretical studies. Seventh-needs the consistent and even training according to effective market demand. Eighth-Must maintain interrelationship with the police department. Ninth-must reinforce the system of Korean private security service association. Tenth-must establish private security laboratory. Based on these suggestions there should be improvement of private security service.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.35-41
• /
• 2017

This paper introduces a new method for storing a private key. This method can be achieved by dividing the private key into "n" pieces by a (k, n) secret sharing method, and then storing each piece into photo files utilizing a steganography method. In this way, a user can restore a private key as long as he can remember the locations of "k" photos among the entire photo files. Attackers, meanwhile, will find it extremely difficult to extract the private key if a user has hidden the pieces of the private key into numerous photo files stored in the system. It also provides a high degree of user convenience, as the user can restore the private key from his memory of k positions among n photo files. Coupled with this, a certain level of security can be guaranteed because the attacker cannot restore a private key, even if he knows k-1 photo file locations.

• Convergence Security Journal
• /
• v.15 no.6_2
• /
• pp.11-17
• /
• 2015

Private security guard certification system was recognized as a national certification in 12. 2012 after it was first given in 2006 as a civil certification and then became a national test in 2013. Thinking it short of regulations on some of exemptible requirements as well as test-taking age limit due to the certification's specificity, the current researcher tried to present the following improvement plans. First, in taking the test, only the bottom age limit is given with no top age limit, so a regulation on its top age limit needs to be newly made so that it can select those substantially able to protect persons. Second, it can expand some of its exemptible requirements to not only police civil officials, private security guard civil officials but also military civil officials and college graduates who have taken all the courses for its primary test and have career in private security guard. Third, certain validity period can be set by standard of the date when the certification test application is accepted after retirement from related occupations so that they can maximally exert their ability in actual works. Fourth, the exemptible courses of the test must be limited to the primary test only while its hands-on test must not be exempted to meet the requirement of the ability for actual personal protection. In this manner, it's necessary that the personal protection certification system, as a national certificate, should be carefully reviewed to keep abreast with the growing civil protection industry.

• Journal of KIISE:Computer Systems and Theory
• /
• v.35 no.9_10
• /
• pp.441-451
• /
• 2008

Currently, the X.509 proxy certificate is widely used to delegate an entity's right to another entity in the computational grid environment. However it has two drawbacks: the potential security threat caused by intraceability of a delegation chain and the inefficiency caused by an interactive communication between the right grantor and the right grantee on the delegation protocol. To address these problems for computational grids, we propose a new delegation protocol without additional cost. We use an ID-based key generation technique to generate a proxy private key which is a means to exercise the delegated signing right. By applying the ID-based key generation technique, the proposed protocol has the delegation traceability and the non-interactive delegation property. Since the right delegation occurs massively in the computational grid environment, our protocol can contribute the security enhancement by providing the delegation traceability and the efficiency enhancement by reducing the inter-domain communication cost.

• The Journal of the Korea Contents Association
• /
• v.12 no.2
• /
• pp.69-77
• /
• 2012

In the case of the password-based PKI technology, because it protects by using the password which is easy that user memorizes the private key, he has the problem about the password exposure. In addition, in the system of electronic bidding, the illegal use using the authentic certificate of the others increases. Recently, in order to solve this problem, the research about the PKI technology using the biometrics is actively progressed. If the bio information which the user inputs for the bio authentication is converted to the template, the digest access authentication in which the security is strengthened than the existing authentication technology can be built. Therefore, in this paper, we had designed and developed the system of electronic bidding which it uses the most widely used fingerprint information in the biometrics, it stores the user fingerprint information and certificate in the fingerprint security token and can authenticate the user. In case of using the system of electronic bidding of the public key infrastructure using the fingerprint information proposed in this paper the agent bid problem that it uses the certificate of the others in not only user authentication intensification but also system of electronic bidding can be concluded.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.77-84
• /
• 2012

Recent Security Programs are widely used to improve the security of Client Systems in the Web authentication. Security Program is provide the function of the Keyboard Security and Certificate Management, Vaccines, Firewall. in particular, This Security Program has been used Financial Institutions and Government Agencies, and some private corporate Home Page. and ActiveX is used to install the Security Program. but Security Programs caused by several security vulnerabilities and problems as they appear, are threat to the stability of the Client System. Therefore, This paper will be analyzed through Case Studies and Experiments to the Vulnerabilities and Problems of Security Program and This Is expected to be utilized to further improve the performance of the Security Program and the building of a new Certification Scheme for material in the future.