• Journal of the Korean Institute of Intelligent Systems
• /
• v.19 no.2
• /
• pp.160-167
• /
• 2009

This paper describes how to protect the personal information of a biometric reference provider wherein biometric reference and personally identifiable information are bounded in a biometric system. To overcome the shortcomings of the simple personal authentication method using a password, such as identify theft, a biometric system that utilizes physical and behavioral characteristics of each person is usually adopted. In the biometric system, the biometric information itself is personal information, and it can be used as an unique identifier that can identify a particular individual when combining with the other information. As a result, secure protection methods are required for generating, storing, and transmitting biometric information. Considering these issues, this paper proposes a method for ensuring confidentiality and integrity in storing and transferring personally identifiable information that is used in conjunction with biometric information, by extending the related X9.84 standard. This paper also outlines the usefulness of the proposition by defining a standard format represented by ASN.1, and implementing it.

• Journal of Internet of Things and Convergence
• /
• v.6 no.2
• /
• pp.25-29
• /
• 2020

The elliptic curve crypto-algorithm is widely used in authentication for IoT environment, since it has small key size and low communication overhead compare to the RSA public key algorithm. If the scalar multiplication, a core operation of the elliptic curve crypto-algorithm, is not implemented securely, attackers can find the secret key to use simple power analysis or differential power analysis. In this paper, an elliptic curve scalar multiplication algorithm using a randomized scalar and an elliptic curve point blinding is suggested. It is resistant to power analysis but does not significantly reduce efficiency. Given a random r and an elliptic curve random point R, the elliptic scalar multiplication kP = u(P+R)-vR is calculated by using the regular variant Shamir's double ladder algorithm, where l+20-bit u≡rn+k(modn) and v≡rn-k(modn) using 2^lP=∓cP for the case of the order n=2^l±c.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.453-456
• /
• 2016

Recently, IoT technologies attract much attenction in medical area. Previous medical IoT had focused mainly on chronological diseases or fitness for particular users. Contrarily, medical use of the IoT technologies is now extended for medical institutes and hospitals to care intensively in-house patients, which requires typically more strict and reliable data delivery and security, authentication and authorization. This study defines scenario of the medical IoT for the intensive care and proposes an architecture of the medical IoT services. We implement a testbed using commerical sensors and Arduino board together with a Web-based platform. Experiment results on the testbed show that our approach can be feasible for the medical system in terms of latency and accuracy in medical data delivery.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.6B
• /
• pp.970-976
• /
• 2010

Platform convergence originated from the convergence of broadcast and telecommunication is making rapid progress including IT and not-IT fields in order to provide a variety of converged services, S/W eco-system construction, and so on. With the advent of convergence environment, IEEE 802.15.4-based RF4CE technology is rising because of creating momentum for the market using converged connectivity between home and office devices as well as all around located devices. In this paper, we present enhanced RF4CE key seed distribution approach in order to provide efficient connection and control between devices. The proposed approach consists of device mutual authentication, initial vector assignment, and two-phase key seed distribution. Moreover, we make a development real RF4CE test board and its key agreement simulator to verify the proposed approach.

• Korean Business Review
• /
• v.13
• /
• pp.207-221
• /
• 2000

In this era of changing system, we may learn lesson from newly developed Uniform Electronic Transation Act(UETA) in 1999. Korea has its counterpart as the Basic Electronic Transaction Act and Electronic Signature Act made by 1999. While UETA stresses on transaction law between individuals, that of Korean stresses on the role of government in electronic transaction. Both laws have the common definitions as electronic record, electronic signature, however, UETA has its own definitions such as automated transaction, computer program, electronic agent, information, information processing system, and security procedure. Especially, transferable record in section 16 is one of the most unique concept which Korean law does not provide. Korean government is planning to introduce electronic note in the near future, which will make unprecedented reform in Korean financial industry. Since Korean law does not have such a concept as electronic note, revision of the law is expected soon. Korean law has its specialty which puts stress on cyber mall, authentication agency, and consumer protection. In U.S., the interpretation of law by court is important when they have disputes according to common law traditon. Studies on cases on disputes in U.S. is needed most for Korean application.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.1 s.45
• /
• pp.117-126
• /
• 2007

Web Forensics algorithm used to an extraction of technical Web Forensics data to be adopted to proof data regarding a crime cyber a computer at data of a great number of log History is an essential element. Propose Web Forensics algorithm, and design at these papers, and try to implement in a Web server system of an actual company. And make the Web dispatch Loging system configuration experiment that applied integrity regarding Web log History information or authentication regarding an information source. Design Web Forensics algorithm and the Flow which used for Web log History analyses at server of e-mail, webmail, HTTP (Web BBs. Blog etc.), FTP, Telnet and messengers (MSN, NateOn, Yahoo, DaumTouch, BuddyBuddy, MsLee, AOL, SoftMe) of a company, and implement through coding. Therefore have a purpose of these Paper to will contribute in scientific technical development regarding a crime cyber a computer through Web Forensics.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.241-244
• /
• 2011

Recently, Due to development of Internet techniques, user suddenly increased that Used of Web services and with out constraints of place and time has been provided. typically, Web services used ID/Password authentication. User confirmed personal data Stored on Web servers after user authorized. web service provider is to provide variety security techniques for the protection personal information. However, recently accident has happened is the malicious attackers may capture user information such as users entered personal information through new keyboard hooking. In this paper, we propose a keyboard hooking protected password input method using CAPTCHA. The proposed password input method is based on entering the password using mouse click or touch pad on the CAPTCHA image. The mapping of CAPTCHA image pixels is random.

• The KIPS Transactions:PartC
• /
• v.9C no.1
• /
• pp.9-16
• /
• 2002

As existing analog video surveillance systems could save and retrieve data only in a limited space within short distance, it had many constraints in developing into various application systems. However, on the back of development of the Internet and computer technologies, digital video surveillance systems can be controlled from a remote location by web browser without space limits. Moreover, data compression and management technologies with Index Search algorithm make it possible to efficiently handling, storing, and retrieving a large amount of data and further motion detection algorithm enhances a recording speed and efficiency for a practical application, that is, a practical remote recordable video surveillance system using our efficient algorithms as mentioned, called WebCam. The WebCam server system can intelligently record and save video images digitized through efficient database management, monitor and control cameras in a remote place through user authentication, and search logs.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.14 no.3
• /
• pp.279-284
• /
• 2004

Fingerprints have been widely used in the biometric authentication because of its performance, uniqueness and universality. Recently, the speed of identification becomes a very important point in the fingerprint-based security applications. Also, the reliability still remains the main issue in the fingerprint identification. In this paper, we propose the fast and reliable fingerprint matching algorithm based on the process of the 'self-nonself' discrimination in the biological immune system. The proposed algorithm is organized by two-matching stage. The 1st matching stage does the matching process by the use of the 'self-space' and MHC detector string set that are generated from the minutiae and the values of the directional field. Then the 2nd matching stage is made based on the local-structure of the minutiae. The proposed two matching stage reduces matching time while the reliability of the matching algorithm is maintained.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.3
• /
• pp.943-950
• /
• 2010

A secure entrance system is complicated because it should have various functions like monitoring, logging, tracing, authentication, authorization, staff locating, managing staff enter-and-leave, and gate control. In this paper, we built and applied a secure entrance system for a domestic nuclear plant using Aspect Oriented Programming(AOP) and design pattern. Using AOP has an advantage of clearly distinguishing the role for each functional module because building a system separated independently from the system's business logic and security logic is possible. It can manage system alternation flexibility by frequent change of external environment, building a more flexible system based on increased code reuse, efficient functioning is possible which is an original advantage of AOP. Using design pattern enables to design by structuring the complicated problems that arise in general software development. Therefore, the safety of the system can also be guaranteed.