• The Journal of the Korea Contents Association
• /
• v.5 no.6
• /
• pp.120-128
• /
• 2005

One of the most secure ways of maintaining the confidentiality and integrity of electronic information is to use electronic signatures. So, in this paper, we developed guideline on electronic signatures for EMR(electronic medical record) based on the Medical Law and the Electronic Signature Act. This guideline is intended to introduce EMR easily in the medical field and to facilitate the promotion of EMR. We developed it through consulting from the advisory committee that was made up of experts in the fields of medical record, EMR system and electronic signatures. The contents of the guideline consist of subject and time stamp of electronic signatures, validity of a certificate, management of electronic signatures and custody and management of EMR. In the future, we will develop practical cases and promote educations and publicities of them to use in the medical institutes and EMR system related industries.

• Journal of Korean Society of Archives and Records Management
• /
• v.16 no.4
• /
• pp.121-148
• /
• 2016

MSR identifies that records are key factors in achieving the goals of an organization and that records management is part of the business administration. Therefore, organizations could secure accountability and continuity of works through the activities of production and management records. This study explored what should be prepared to adopt MSR in public institutions based on the analysis of the requirements of the ISO 30301. which is prepared to be utilized as a certificate system. It focuses on 1) how laws could be supplemented to adopt MSR by comparing the requirements of MSR and the Public Records Management Act; 2) what should be prepared by organizations in terms of their rules and procedures; and 3) how the evaluation system of public institutions and the records management evaluation system could be revised to ensure that MSR will be sufficiently implemented in the organizations. In conclusion, the part to be supplemented by the law, the area to be operated as the internal rules of the organizations, and the way to be reflected in the evaluation of the public institutions were suggested.

• The Journal of Society for e-Business Studies
• /
• v.9 no.3
• /
• pp.227-241
• /
• 2004

With the expansion of internet usage and the advanced technology for information and communication, the international e-Trade environment gradually migrates from the VAN/EDI to the global Internet-based e-Traed on an ebXML framework. In an effort to provide a Internet-based e-Trade environment with a security and trust, this paper analyzes security components and proposed the SSL and ebXML security technologies in order to assure of the trust and security over Internet-based e-Trade. In addition, this paper presents 3-phase methodology to realize the secure and trustworthy Internet-based e-Trade. In summary, as the first phase, the e-Trade business processes are re-engineered and the digital signature council for mutual recognition is orgainzed. And as the second phase, the Internet-based e-Trade system and the concerned digital signature technology are implemented. Finally as third phase, the PKI mutual recognition agreement is signed by parties concerned and then the Internet-based e-trade business is started. Furthermore, this paper presents the promising Internet-based e-Trade models where the digital signature can be applied.

• The Journal of Society for e-Business Studies
• /
• v.10 no.1
• /
• pp.121-134
• /
• 2005

The MANET has many problems in security despite of its many advantages such as supporting the mobility of nodes, independence of the fixed infrastructure, and quick network establishment. In particular, in establishing security, the traditional certification service has many difficult problems in applying to the MANET because of its safety, expandability, and availability. In this paper, a secure and effective distributed certification service method was proposed using the Secret Sharing scheme and the Threshold Digital Signature scheme in providing certification services in the MANET. In the proposed distributed certification service, certain nodes of relatively high safety among the mobile nodes consisting of the MANET, were set as privileged nodes, from which the process of issuing a certification started. The proposed scheme solved problem that the whole network security would be damaged by the intrusion to one node in the Centralized Architecture and the Hierarchical Architecture. And it decreased the risk of the exposure of the personal keys also in the Fully Distributed Architecture as the number of the nodes containing the partial confidential information of personal keys decreased. By the network simulation, the features and availability of the proposed scheme was evaluated and the relation between the system parameters was analyzed.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.3-8
• /
• 2014

Wireless Ad hoc Network is threatened from many types of attacks because of its open structure, dynamic topology and the absence of infrastructure. Attacks by malicious nodes inside the network destroy communication path and discard packet. The damage is quite large and detecting attacks are difficult. In this paper, we proposed attack detection technique using secure authentication infrastructure for efficient detection and prevention of internal attack nodes. Cluster structure is used in the proposed method so that each nodes act as a certificate authority and the public key is issued in cluster head through trust evaluation of nodes. Symmetric Key is shared for integrity of data between the nodes and the structure which adds authentication message to the RREQ packet is used. ns-2 simulator is used to evaluate performance of proposed method and excellent performance can be performed through the experiment.

• Convergence Security Journal
• /
• v.13 no.3
• /
• pp.33-38
• /
• 2013

Security between mobile nodes and efficient communication is one of the most important parts of the MANET. In particular, the wireless network is significantly higher for the attack threats because of collaborative structure for open communication media and communication. However, application of existing security mechanisms and intrusion detection system is not easy due to the characteristics of MANET. It is because collection and integration of adult data by the dynamic topology due to the mobility of nodes and many network sensors is difficult. In this study, we propose cooperative security system technique that can improve the reliability based on authentication assessing confidence about the whole nodes which joins to network and detect effectively this when intrusion occurs. Cluster head which manages the cluster performs CA role for the certificate issue and the gateway node performs role of intrusion detection system. Intrusion detection is performed by cooperating with neighboring nodes when attack is not detected in one intrusion detection node. The performance of the proposed method was confirmed through experiments comparing with the SRP technique.

• Proceedings of the Korean Institute Of Construction Engineering and Management
• /
• 2006.11a
• /
• pp.453-457
• /
• 2006

After the introduction of Professional Engineer System to secure superior technical personnel in 1963, the engineering license regulations were introduced in 1995 - the person qualified with either the academic back ground or career in the construction field can be authorized as a construction engineer- to cope with higher demands for construction engineers caused by revitalization of construction business such as 2 million house construction. As a result, the number of construction engineers has been increased drastically since year 2000, which caused serious problems in utilizing top technical certificate, the PE's. Recently, relating to the opening of technology market according to WTO agreement and mutual authentication among countries and etc., the government is preparing legal and systematic foundations to guarantee the professionalism of engineers. Through the exact supply-demand forecast of PE's reflecting these systematic aspects, we are going to analyze the problems in the supply-demand of PE's and suggest the systematic improvement plans for managing the supply-demand of PE's. The result of this research can be used for building efficient and consistent raising and utilizing system of PE's as well as supply and demand system of qualified PE's

• The KIPS Transactions:PartC
• /
• v.11C no.7 s.96
• /
• pp.981-992
• /
• 2004

The established NEIS has a lot of problems in the management of security. It does not realize access control in following authority because it only uses PKI certification in user certification and the use of central concentration DBMS and plain text are increased hacking possibility in NEIS. So, This paper suggests a new NEIS for the secure management of data and authority certification. First, we suggest the approached authority in AC pf PMI and user certification in following the role, RBAC. Second, we realize DB encryption plan by digital signature for the purpose of preventig DB hacking. Third, we suggest SQL counterfeit prevention by one-way hash function and safe data transmission per-formed DB encryption by digital signature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.501-507
• /
• 2015

The online banking service handles a banking business over the internet, it is necessary to ensure that all financial transactions are processed securely. So, there are various authentication technique for e-banking service : a certificate, a personal identification number(PIN), a security card and a one-time password(OTP). Especially, the security card is most important means including secret information. If the secret information of card is leaked, it means not only loss of security but also easy to attack because security card is a difficult method to get. In this paper, we propose that a multi-channel security card saves an secret information in distributed channel. Proposed multi-channel security card reduces vulnerability of the exposed and has a function to prevent phishing attacks through decreasing the amount of information displayed and generating secret number randomly.

• Journal of Digital Convergence
• /
• v.14 no.7
• /
• pp.373-383
• /
• 2016

With mobile-epoch and emerging of Fin-tech, Bio-recognition technology utilizing bio-information in secure method has spread. Specially, In order to change convenient payment services and transportation cards, the combination of biometrics and mobile services are being expanded. The basic concept of authentication such as access control, IA&A, OpenID, OAuth 1.0a, SSO, and Biometrics techniques are investigated, and the protocol stack for security API platform, FIDO, SCIM, OAuth 2.0, JSON Identity Suite, Keystone of OpenStack, Cloud-based SSO, and AIM Agent are described detailed in aspect of application of AIM. The authentication technology in domestic and foreign will accelerate technology development and research of standardization centered in the federated FIDO Universal Authentication Framework(UAF) and Universal 2 Factor Framework(U2F). To accommodate the changing needs of the social computing paradigm recently in this paper, the trends of various authentication technology, and design and function of AIM framework was defined.