• Journal of Internet Computing and Services
• /
• v.7 no.6
• /
• pp.157-174
• /
• 2006

Ajax interaction model changes the posture of web application to become a stateful over HTTP. Ajax applications are long-lived inthe browser. XMLHTTPRequest (XHR) is used to facilitate the data exchange. Using HTTPS over this interaction is not viable because of the frequency of data exchange. Moreover, switching of protocols form HTTP to HTTPS for sensitive information is prohibited because of server-of-origin policy. The longevity, constraint, and asynchronous features of Ajax application need to hove a different authentication and session fondling mechanism that invoke re-authentication. This paper presents an authentication and session management scheme using Ajax. The scheme is design lo invoke periodic and event based re-authentication in the background using digest authentication with auto-generated password similar to OTP (One Time Password). The authentication and session management are wrapped into a framework called AWASec (Ajax Web Application Security) for coupling to avoid broken authentication and session management.

• Journal of Internet Computing and Services
• /
• v.9 no.2
• /
• pp.83-88
• /
• 2008

Session initiation protocol (SIP) is an application-layer prolocol to initiate and control multimedia client session. When client ask to use a SIP service, they need to be authenticated in order to get service from the server. Authentication in a SIP application is the process in which a client agent present credentials to another SIP element to establish a session or be granted access to the network service. In 2005, Yang et al. proposed a key exchange and authentication scheme for use in SIP applications, which is based on the Diffie-Hellman protocol. But, Yang et al.'s scheme is not suitable for the hardware-limited client and severs, since it requires the protocol participant to perform significant amount of computations (i.e., four modular exponentiations). Based on this observation. Huang and Wei have recently proposed a new efficient key exchange and authentication scheme thor improves on Yang et al.'s scheme. As for security, Huang and Wei claimed, among others, that their scheme is resistant to offline dictionary attacks. However, the claim turned out to be untrue. In this paper, we show thor Huang and Wei's key exchange and authentication scheme is vulnerable to on offline dictionary attack and forward secrecy.

• Journal of Internet Computing and Services
• /
• v.14 no.3
• /
• pp.35-46
• /
• 2013

As mobile terminal environment gets matured, the use of Android platform based mobile terminals has been growing high. Recently, the number of attacks by malicious application is also increasing as Android platform is vulnerable to private information leakage in nature. Most of these malicious applications are easily distributed to general users through open market or internet and an attacker inserts malicious code into malicious app which could be harmful tool to steal private data and banking data such as SMS, contacts list, and public key certificate to a remote server. To cope with these security threats more actively, it is necessary to develop countermeasure system that enables to detect security vulnerability existing in mobile device and take an appropriate action to protect the system against malicious attacks. In this sense, this paper aggregates diverse system events from multiple mobile devices and also implements a system to detect attacks by malicious application.

• Journal of Digital Convergence
• /
• v.11 no.7
• /
• pp.215-223
• /
• 2013

As cloud computing is activated, a variety of cloud services are being distributed. However, to use each different cloud service, you must perform a individual user authentication process to service. Therefore, not only the procedure is cumbersome but also due to repeated authentication process performance, it can cause password exposure or database overload that needs to have user's authentication information each cloud server. Moreover, there is high probability of security problem that being occurred by phishing attacks that result from different authentication schemes and input scheme for each service. Thus, when you want to use a variety of cloud service, we proposed OpenID based user authentication scheme that can be applied to a multi-cloud environment by the trusted user's verify ID provider.

• Journal of KIISE:Computing Practices and Letters
• /
• v.8 no.1
• /
• pp.62-70
• /
• 2002

The purpose of this paper in that users can use mobile device applications more easily and efficiently through MoDAM (Mobile Device Application Management) system. MoDAM automates the process of web retrieval for obtaining mobile device applications and the process of installing or updating it on mobile devices and then supply users with these automated services in a step form by combining two separated processes. We implement a web agent conforming to OSD (Open Software Description) specification for automating software retrieval and downloading and also a mobile device based software management module conforming to SyncML (Synchronization Markup Language) specification for synchronizing common data between server and client. The method of automated software retrieval and management for mobile devices using these standard specifications minimizes users' interrupts and also can be applied to traditional several different mobile devices, operating systems or downloading web sites without platform dependent considerations.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.5
• /
• pp.117-124
• /
• 2008

It improves human being's life quality that all people can have mure convenient medical service under pervasive computing environment. For a pervasive health care application for cardiac patient, we've implemented a health care system, which is composed of three parts. Various sensors monitor outer as well as inner environment of human such as temperature, humidity, light and electrocardiogram, etc. These sensors form a network based on Zigbee. And medical information server accumulates sensing values and performs back-end processing. To simply transfer these sensing values to a medical team is a simple level's medical service. So, we've designed a new service model based on back propagation neural network for more improved medical service. Our experiments show that a proposed healthcare system can give high level's medical service because it can recognize human's context more concretely.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.9 no.1
• /
• pp.179-187
• /
• 2019

With the recent development of small computing devices, IoT sensor network can be widely deployed and is now readily available with sensing, calculation and communi-cation functions at low cost. Sensor data management is a major component of the Internet of Things environment. The huge volume of data produced and transmitted from sensing devices can provide a lot of useful information but is often considered the next big data for businesses. New column-wise compression technology is mounted to the large data server because of its superior space efficiency. Since sensor nodes have narrow bandwidth and fault-prone wireless channels, sensor-based storage systems are subject to incomplete data services. In this study, we will bring forth a short overview through providing an analysis on IoT sensor networks, and will propose a new storage management scheme for IoT data. Our management scheme is based on RAID storage model using column-wise segmentation and compression to improve space efficiency without sacrificing I/O performance. We conclude that proposed storage control scheme outperforms the previous RAID control by computer performance simulation.

• Journal of KIISE:Computing Practices and Letters
• /
• v.13 no.1
• /
• pp.11-23
• /
• 2007

In this paper, we design and implement a framework based on Web Services for effective management of the profiles that were proposed to provide a user with personalized service. The profiles must be constituted the related information of the user and could be exchanged according to cyclic.acyclic or event among user's device, profile repository and service server for providing the user with personalized service. The profiles also must be supplied the services providers that need to the profiles for the personalized service. The profile framework is necessary to provide the functions like this for managing effectively of the personalized service. The proposed framework used the Web Services for exchanging and providing the profile regardless the various devices and platform. The framework also was applied the metadata constitute method and dynamic constitute method for managing effectively of the profile. The result of experiment using proposed framework was effective process and management of the profile and could exchange the profile with regardless of platform and device. The implemented system using the proposed framework was foundation of providing the personalized services with a user by through a effective management function of the profile.

• Journal of Internet Computing and Services
• /
• v.16 no.2
• /
• pp.109-115
• /
• 2015

The new medical device technologies for bio-signal information and medical information which developed in various forms have been increasing. Information gathering techniques and the increasing of the bio-signal information device are being used as the main information of the medical service in everyday life. Hence, there is increasing in utilization of the various bio-signals, but it has a problem that does not account for security reasons. Furthermore, the medical image information and bio-signal of the patient in medical field is generated by the individual device, that make the situation cannot be managed and integrated. In order to solve that problem, in this paper we integrated the QR code signal associated with the medial image information including the finding of the doctor and the bio-signal information. bio-signal. System implementation environment for medical imaging devices and bio-signal acquisition was configured through bio-signal measurement, smart device and PC. For the ROI extraction of bio-signal and the receiving of image information that transfer from the medical equipment or bio-signal measurement, .NET Framework was used to operate the QR server module on Window Server 2008 operating system. The main function of the QR server module is to parse the DICOM file generated from the medical imaging device and extract the identified ROI information to store and manage in the database. Additionally, EMR, patient health information such as OCS, extracted ROI information needed for basic information and emergency situation is managed by QR code. QR code and ROI management and the bio-signal information file also store and manage depending on the size of receiving the bio-singnal information case with a PID (patient identification) to be used by the bio-signal device. If the receiving of information is not less than the maximum size to be converted into a QR code, the QR code and the URL information can access the bio-signal information through the server. Likewise, .Net Framework is installed to provide the information in the form of the QR code, so the client can check and find the relevant information through PC and android-based smart device. Finally, the existing medical imaging information, bio-signal information and the health information of the patient are integrated over the result of executing the application service in order to provide a medical information service which is suitable in medical field.

• Journal of Internet Computing and Services
• /
• v.19 no.1
• /
• pp.97-103
• /
• 2018

In oriental paintings, there is Luo-kuan that expressed in a single picture by compressing the artist's information. Such Luo-kuan includes various information such as the title of the work or the name of the artist. Therefore, information about Luo-kuan is considered important to those who collect or enjoy oriental paintings. However, most of the letters in the Luo-kuan are difficult kanji, kanzai, or various shapes, so it is difficult for the ordinary people to interpret. In this paper, we developed an Luo-kuan search application to easily check the information of the Luo-kuan. The application uses a search algorithm that analyzes the captured Luo-kuan image and sends it to the server to output information about the Luo-kuan candidates that are most similar to the Luo-kuan images taken from the database in the server. We also compared and analyzed the accuracy of the algorithm based on 170 Luo-kuan data in order to find out the ranking of the Luo-kuan that matched the Luo-kuan among the candidates. Accuracy Analysis Experimental Results The accuracy of the search algorithm of this application is confirmed to be about 90%, and it is anticipated that it will be possible to develop a platform to automatically analyze and search images in a big data environment by supplementing the optimizing algorithm and multi-threading algorithm.