• Journal of the Korea Society of Computer and Information
• /
• v.19 no.10
• /
• pp.107-115
• /
• 2014

In recent years, large companies and public institutions in the Smartphone business purposes has been used a lot. Personal Smartphone are worried about security of personal information only. But if you are a corporate or business purposes requires a more cautious approach. It can destroy an organization's network to hack Smartphones have very serious damage. For this purpose, the existing solution, and try to solve security issues with MDM or MAM. However, Smartphone users discomfort and there is a limit of organizational control. In this paper, we can propose with these issues more broadly would like to suggest. Secure mobile traffic management system enables companies or agencies the ease for users to use a Smartphone. And, for organizations that provide smart phones are more powerful and can provide a means of control. In addition, wired/wireless integration and security measures that can provide new services to offer.

• The KIPS Transactions:PartA
• /
• v.10A no.5
• /
• pp.433-438
• /
• 2003

To provede public services through Internet, there are several prerequisites such as security issue resolutions for public area installation and hardware support for authorized signatures etc. in addition to web-based system development. A kiosk-based system is a right solution for public services provision through Internet because a kiosk has hardware features supporting authorized signatures and also it can be installed at public area through Internet without security exposure, meeting security guidelines of National Intelligence Service. The process to provide public services through a koisk is that a client requests a kind of public services selecting menu through the kiosk, then the system issues a civil service documents after taking authentification and payment process. To support those kinds o processes it is required to support electronic payment using SMART card in addition to cash payment and to apply government standard security guidelines to protect administrative and personal information. This kiosk-based Internet public service system support and meet those all requirements.

• Journal of Internet Computing and Services
• /
• v.18 no.6
• /
• pp.75-84
• /
• 2017

As there has been growing interests in PHR-based personalized health management project, various institutions recently explore safe methods of recording personal medical and health information. In particular, innovative medical solution can be realized when medical researchers and medical service institutes can generally get access to patient data. As EMR data is extremely sensitive, there has been no progress in clinical information exchange. Moreover, patients cannot get access to their own health data and exchange it with researchers or service institutions. It can be operated in terms of technology, yet policy environment are affected by state laws as well as Privacy and Security Policy. Blockchain technology-independent, in transaction, and under test-is introduced in the medical industry in order to settle these problems. In other words, medical organizations can grant preliminary approval on patient information exchange by using the safely encrypted and distributed Blockchain ledger and can be managed independently and completely by individuals. More apparently, medical researchers can gain access to information, thereby contributing to the scientific advance in rare diseases or minor groups in the world. In this paper, we focused on how to manage personal medical information and its protective use and proposes medical treatment exchange system for patients based on a permissioned Blockchain network for the safe PHR operation. Trusted Model for Sharing Medical Data (TMSMD), that is proposed model, is based on exchanging information as patients rely on hospitals as well as among hospitals. And introduce medical treatment exchange system for patients based on a permissioned Blockchain network. This system is a model that encrypts and records patients' medical information by using this permissioned Blockchain and further enhances the security due to its restricted counterfeit. This provides service to share medical information uploaded on the permissioned Blockchain to approved users through role-based access control. In addition, this paper presents methods with smart contracts if medical institutions request patient information complying with domestic laws by using the distributed Blockchain ledger and eventually granting preliminary approval for sharing information. This service will provide an independent information transaction and the Blockchain technology under test will be adopted in the medical industry.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.941-949
• /
• 2014

Demands for cloud computing service rapidly increased along with the expansion of supplying smart devices. Interest in cloud system has led to the question whether it is really safe. Due to the nature of cloud system, cloud service provider can get a user's private information and disclose it. There is a large range of opinion on this issue and recently many researchers are looking into fully homomorphic encryption as a solution for this problem. Fully homomorphic encryption can permit arbitrary computation on encrypted data. Many security threats will disappear by using fully homomorphic encryption, because fully homomorphic encryption keeps the confidentiality. In this paper, we research possible security threats in cloud computing service and study on the application method of fully homomorphic encryption for cloud computing system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1201-1209
• /
• 2016

While the legacy electric grid evolving into the smart grid, various communication standards have been used for interoperability between many components. In this situation, the needs emerged for protocol conversion and mapping method for connecting the outside components to the operation center. In this paper, according to the surge of IEC 61850-based substation automation, we studied the protocol conversion gateway for linking legacy DNP3-based control center and IEC 61850-based substation automation. This paper is based on the IEEE 1815.1 standard for the protocol mapping. We suggested the direction of development the gateway and developed prototype for evaluate the proposed gateway. Also, we bring up a security problem and give a solution.

• Smart Media Journal
• /
• v.5 no.1
• /
• pp.114-121
• /
• 2016

Currently, different medical institutions have been carrying out the e-healthcare system project. The system includes electronic medical record and prescription delivery system, and, the Medical Treatment law permits electronic signature for medical record management, which reduced the relevant costs and enabled sharing medical record. And medical solution using online certificates is expanding its application. In that light, the role of certificates became more important than ever. However, in contrast to active effort made to manage personal certificates, certificates related to medical solutions and other types of work are not being managed properly. Most work-related certificates are saved in office computers, which makes them vulnerable to various security threats. Although certificate servers can be used as a solution to this problem, hospitals must build the server separately and, therefore, small and medium-size hospitals can be reluctant to bear the burden. This study proposed a way to design and implement an effective and secure certificate management system by save the certificate file as a BLOB, using existing resources without needing to build a separate certificate server, at minimized costs.

• Proceedings of the KAIS Fall Conference
• /
• 2010.11a
• /
• pp.255-258
• /
• 2010

유비쿼터스 시대의 도래로 인하여 웹 환경에서 원격서버로 사용자들의 통신이 급증함에 따라 최근에는 사용자의 개인 프라이버시 보호에 대한 관심이 증가하면서 사용자 익명성을 제공하는 스마트카드 기반 인증 프로토콜에 대한 연구가 활발하게 진행되고 있다. 하지만 기존에 제시된 익명성 기법들은 안전성 및 효율성에 대한 문제가 지속적으로 지적되어 왔다. 또한 그 중에서 가장 큰 문제점이 익명성과 역상성을 갖고 있는 추적기술 이었다. 이에 본 논문은 이러한 사용자 인증에서의 부분 익명성 그리고 문제 발생 시 익명의 사용자를 추적할 수 있는 기법을 제안한다.

• International journal of advanced smart convergence
• /
• v.10 no.2
• /
• pp.53-58
• /
• 2021

In this paper, based on the real estate registration model in the Chinese internet environment, we propose a model for the joint business of banking collateral registration. This is to increase the efficiency and service level of the real estate mortgage registration process. And it can solve the problems that in the process of registering a mortgage loan, difficulty of data sharing between the real estate registration agency and the bank, and ordinary users and bank clerks duplicate unnecessary work. In addition, it realizes joint processing and data sharing of real estate registration work with real estate registration agencies and banks, increases the efficiency and level of government affairs services, and offers an optimized solution to realize a one-stop service for real estate security registration. The results of this study are expected to provide theoretical support for the application and innovation of the Internet environment real estate registration model.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.2
• /
• pp.15-26
• /
• 2021

Recently, as the introduction of cloud, mobile, and IoT has become active, there is a growing need for technology development that can supplement the limitations of traditional security solutions based on fixed perimeters such as firewalls and Network Access Control (NAC). In response to this, SDP (Software Defined Perimeter) has recently emerged as a new base technology. Unlike existing security technologies, SDP can sets security boundaries (install Gateway S/W) regardless of the location of the protected resources (servers, IoT gateways, etc.) and neutralize most of the network-based hacking attacks that are becoming increasingly sofiscated. In particular, SDP is regarded as a security technology suitable for the cloud and IoT fields. In this study, a new access control system was proposed by combining SDP and hash tree-based large-scale data high-speed signature technology. Through the process authentication function using large-scale data high-speed signature technology, it prevents the threat of unknown malware intruding into the endpoint in advance, and implements a kernel-level security technology that makes it impossible for user-level attacks during the backup and recovery of major data. As a result, endpoint security, which is a weak part of SDP, has been strengthened. The proposed system was developed as a prototype, and the performance test was completed through a test of an authorized testing agency (TTA V&V Test). The SDP-based access control solution is a technology with high potential that can be used in smart car security.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.41-54
• /
• 2020

In this paper, it will study various problems such as personal information infringement from when using various useful Apps in the Smartphone environment. It also researched the vulnerabilities Mobile Apps and the risks of personal information leakage when using Smartphone information to decrease threat and find solution. In the second chapter, it will check the existing Mobile App related Apps. In the third chapter, it will check the threats and major factors that caused by the leakage of personal information which related to the app. Then it will suggest solution and end with conclusion. This paper also looked at various problems that caused by illegal adverse effect from illegal personal information collection. Then it researched and made suggestion to make consideration on safety of personal information and privacy infringement that threat to personal information For safety of mobile banking, it proposed a safety method to separate and manage the code which has the core logic which required to run the App. For safety of direction App, when running the direction App, even if the information is collected, location information for unauthorized accessed will encrypt and store in DB, so that access to personal information is difficult. For delivery App environment, by using the national deliver order call center's representative phone to receive a telephone order then, the customer information is delivered to the branch office when it receive order and it will automatically delete information from the server when the delivery is completed by improving DB server of order. For the smart work app environment, the security solution operates automatically by separating and make independent private and work areas. Then it will suggest initialization for company's confidential business information and personal information to safe from danger even if loss.