• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.8
• /
• pp.1783-1789
• /
• 2004

It is evaluated that there is infinit capability of creating new e business using P2P program. but the research for the method to protect the copyright of digital contents is urgent even for development of the p2p service because the problem of copyright protection for digital contents is not solved. Though this article, it can be induced that reliable contents sharing use to a flow fund by secure settlement architecture, user authentication and contents encryption and then it as the problem of copyright fee is solved, it is able to discontinue which trouble with a creation work for copyright fee and protection it's once again as growth of p2p market, p2p protocal is will be grow into a important protocal of advanced network. In this article, When users send digital contants to each other in internet, we proposed the P2P DRM algorism to offer a security function which using the technology of copyright management to use a AES Algorithm based on PKI.

• KIISE Transactions on Computing Practices
• /
• v.23 no.8
• /
• pp.504-509
• /
• 2017

Preserving the integrity of the booting process is important. Recent rootkit attacks and subverting OS attacks prove that any post-OS security mechanism can be easily circumvented if the booting process is not properly controlled. Using an actual case as an example, the hacker of the Se-jong government office simply bypassed the user's password authentication by compromising the normal booting process. This paper analyzes existing pre-OS protection using secure boot and measured boot, and proposes another bootloader that overcomes the limitations. The proposed bootloader not only guarantees the integrity of all the pre-OS binaries, bootloaders, and kernel, it also makes explicit records of integrity in the booting process to the external TPM device, so that we can track modifications of BIOS configurations or unintended booting process modifications.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.7C
• /
• pp.985-996
• /
• 2004

In order to solve the increasing security problems, IDSs(Intrusion Detection System) have appeared. However, local IDSs have a limit to detect various intrusions in a large-scale network environment. So there are a lot of researches in progress which organize the elements of IDS in a distributed or hierarchical manner. In this paper, we design a integrated IDS which exchanges messages between them through the standardized message format (IDMEF) and communication protocol (IDXP). We also propose a policy profile for an effective control of IDSs, and employ the PKI mechanism for mutual authentication. We implement a prototype system for the proposed IDSs communicating with Snort and analyze its performance.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.2
• /
• pp.201-208
• /
• 2020

Recently, the application of personal proofing service based on social security number(SSN) replacement means for verifying identity in non-face-to-face transactions is increasing. In this paper, we propose a method of applying differentiated personal proofing service on whether identity verification is necessary in the online service provided by ISP and if it is appropriate to apply a certain level of assurance. By analyzing the requirements related to personal proofing required by current ISPs, we analyze the risks for each of the requirements and propose a method of applying differentiated personal proofing service according to the level of identity assurance guarantee to minimize the risks. In applying the proposed method to online service provision, it is possible to reduce user's unnecessary authentication cost by minimizing the application of personal proofing service based on alternative means, and to help protect user personal information by minimizing excessively collected personal information.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.361-364
• /
• 2012

Through USN (Ubiquitous Sensor Network) is collected the patient's vital information in real-time, also information collected will be stored in the DB (Date Base), frequent use hospital saved patient's vital information for DB. Stored in the patient's vital medical information stored in the patients with frequent hospital patient to hospital if the patient's vital information is stored in DB. But, stored location is within hospital server or stored in a PC environment, because If utilize other Hospital existing hospitals will need to request. However, Existing hospital have problem for security, authentication, management, cost, manpower, such as, because other hospitals and the exchange of information does not come easily. So, If has the advantage of the patient and the patient's vital information is stored on mobile devices that you can use as DB. It is important to find information quickly and accurately, in this study, Is A study on mobile circulation loop DB systems for patient-centered serbices.

• Smart Media Journal
• /
• v.9 no.1
• /
• pp.9-15
• /
• 2020

Recently there have been increasing attempts to apply blockchains to businesses and public institutions. Blockchain is a distributed shared ledger with excellent transparency and security of data and through consensus algorithm, the same data can be shared to all nodes in order. In this paper, Modified PBFT which does not modify the PBFT consensus algorithm is proposed. MPBFT is able to tolerate Byzantine faults on a private blockchain on an asynchronous network. Even with the increase of participating nodes, the network communication cost can be effectively maintained. Modified PBFT takes into account the characteristics of an asynchronous network environment where node-to-node trust is guaranteed. In response to the client's request, PBFT performed the entire participation broadcast several times, but Modified PBFT enabled consensus and authentication through the 2 / N leader. By applying the Modified PBFT consensus algorithm, the broadcast process can be simplified to maintain the minimum number of nodes for consensus and to efficiently manage network communication costs.

• Korean Business Review
• /
• v.13
• /
• pp.207-221
• /
• 2000

In this era of changing system, we may learn lesson from newly developed Uniform Electronic Transation Act(UETA) in 1999. Korea has its counterpart as the Basic Electronic Transaction Act and Electronic Signature Act made by 1999. While UETA stresses on transaction law between individuals, that of Korean stresses on the role of government in electronic transaction. Both laws have the common definitions as electronic record, electronic signature, however, UETA has its own definitions such as automated transaction, computer program, electronic agent, information, information processing system, and security procedure. Especially, transferable record in section 16 is one of the most unique concept which Korean law does not provide. Korean government is planning to introduce electronic note in the near future, which will make unprecedented reform in Korean financial industry. Since Korean law does not have such a concept as electronic note, revision of the law is expected soon. Korean law has its specialty which puts stress on cyber mall, authentication agency, and consumer protection. In U.S., the interpretation of law by court is important when they have disputes according to common law traditon. Studies on cases on disputes in U.S. is needed most for Korean application.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.241-244
• /
• 2011

Recently, Due to development of Internet techniques, user suddenly increased that Used of Web services and with out constraints of place and time has been provided. typically, Web services used ID/Password authentication. User confirmed personal data Stored on Web servers after user authorized. web service provider is to provide variety security techniques for the protection personal information. However, recently accident has happened is the malicious attackers may capture user information such as users entered personal information through new keyboard hooking. In this paper, we propose a keyboard hooking protected password input method using CAPTCHA. The proposed password input method is based on entering the password using mouse click or touch pad on the CAPTCHA image. The mapping of CAPTCHA image pixels is random.

• Smart Media Journal
• /
• v.11 no.10
• /
• pp.76-88
• /
• 2022

Personal information leakage is very harmful as it can lead to additional attacks using leaked information as well as privacy invasion, and it is primarily caused by hacking server databases of institutions that collect and store personal information. We propose a scheme that allows a service-requesting user to authorize a secure delegated transfer of his personal information to the service provider via a reliable authority and enables only the two parties of the service to retrieve the provided information stored on a blockchain ensuring data confidentiality. It thus eliminates the necessity of storing customer information in the service provider's own database. As a result, the service provider can serve customers without requiring membership registration or storing personal information in the database, so that information leakage through the server database can be completely blocked. In addition, the scheme is free from the risk of information leakage and subsequent attacks through smartphones because it does not require a user's smartphone to store any authentication credential or personal information of its owner.

• Journal of Convergence for Information Technology
• /
• v.12 no.3
• /
• pp.38-45
• /
• 2022

Due to the development of fintech technology, financial transactions using smart phones are being activated. The password for user authentication during financial transactions is entered through the virtual keypad displayed on the screen of the smart phone. When the password is entered, the attacker can find out the password by capturing it with a high-resolution camera or spying over the shoulder. A virtual keypad with security applied to prevent such an attack is difficult to input on a small touch-screen, and there is still a vulnerability in peeping attacks. In this paper, the entire keypad is divided into several groups and displayed on a small screen, touching the group to which the character to be input belongs, and then touching the corresponding character within the group. The proposed method selects the group to which the character to be input belongs, and displays the keypad in the group on a small screen with no more than 10 keypads, so that the size of the keypad can be enlarged more than twice compared to the existing method, and the location is randomly placed, hence location of the touch attacks can be blocked.