• The Journal of Society for e-Business Studies
• /
• v.18 no.4
• /
• pp.45-65
• /
• 2013

A design file can get larger in size as the complexity of the target object increases. A large design file may reside in a large parallel computing system, such as cloud computing systems, and many designers may work concurrently on the same design file. In such a case, it is obvious that we need some kind of protection mechanism so that each user can access only the area of the file he or she is entitled to. Two approaches can be taken for this problem: one is the traditional access control mechanisms and the other encryption techniques. We take the latter approach to ensure the safety of the file even in public domain such as clouding systems, and in this paper, we suggest an encryption scheme for a file where the file is encrypted in multi-layer so that each user is allowed to access the file only at the layer for which the user has the proper access right. Each layer of the file is encrypted with different keys and these keys are exposed only to those who have the right access permit. The paper explains the necessary file format to achieve this goal and discusses the file manipulation functions to handle this new file format.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.5
• /
• pp.11-21
• /
• 2004

To authorize IPSec-VPN Client in Client-to-Gateway type of the IPSec-VPN system, it can be normally used with ID/Password verification method or the implicit authorization method that regards implicitly IPSec-VPN gateway as authorized one in case that the IPSec-VPN client is authenticated. However, it is necessary for the Client-to-Gateway type of the IPSec-VPN system to have a more effective user authorization mechanism because the ID/Password verification method is not easy to transfer the ID/Password information and the implicit authorization method has the vulnerability of security. This paper proposes an effective user authorization mechanism using an attribute certificate and designs a user authorization engine. In addition, it is implemented in this study. The user authorization mechanism for the IPSec-VPN system proposed in this study is easy to implement the existing IPSec-VPN system. Moreover, it has merit to guarantee the interoperability with other IPSec-VPN systems. Furthermore, the user authorization engine designed and implemented in this paper will provide not only DAC(Discretional Access Control) and RBAC(Role-Based Access Control) using an attribute certificate, but also the function of SSO(Single-Sign-On).