• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.34
• /
• pp.157-185
• /
• 2007

The purpose of this thesis is to contribute to the activation of e-contract service for one stop e-trade by analyzing the problems and its solutions in e-contract service at home and abroad. In order to achieve the purpose of this thesis, case studies are done on e-contract service providers such as CECTRUST service of NTT DATA in Japan and HanCM.com of Haansoft in Korea and user companies such as Taisei Corporation using CECTRUST service and Hyundai Card using HanCM.com. The problems in the e-contract service are the lack of e-contract service providers, rare publicity of e-contract service, limited use of e-contract service at only home, higher pricing for e-contract service, short time management of e-contract documents by service providers, no application of newly developed security technology to e-contract service, unsatisfaction of requirements of e-contract service provider as trusted third party, absence of lower pricing e-contract service by service provider, authorizing key error in electronic signature under recognized authentication system in case of fail in renewal of digital certificate and reproduction of digital certificate. The solutions of these problems are the upbringing of e-contract service providers, broad publicity of e-contract service, development of e-contract service on a global basis, establishment of lower pricing for e-contract service, long time management of e-contract documents by service providers, application of newly developed security technology such as bio technology to e-contract service, satisfaction of requirements of e-contract service provider as trusted third party by designation of recognized e-document repository, development of lower e-contract service by way of application service provider(ASP), introduction of time stamping of e-contract document and signature key value. The limitation of this thesis is that the problems and its solutions could not meet with the broad recognition as they are conferred by intuition because of few e-contract service provider.

• Journal of KIISE:Computer Systems and Theory
• /
• v.34 no.7
• /
• pp.288-295
• /
• 2007

The illegal copying and redistribution of digitally-stored information is a crucial problem to distributors who electronically sell digital data. fingerprinting scheme is a technique which supports copyright protection to track redistributors of electronic information using cryptographic techniques. Anonymous asymmetric fingerprinting scheme prevents the merchant from framing a buyer by making the fingerprinted version known to the buyer only. And this scheme allows the buyer to purchase goods without revealing her identity to the seller. In this paper, a new anonymous asymmetric fingerprinting scheme with TTP is introduced. The buyer's fingerprint is generated by the Fingerprint Certificate Authority which is a TTP. When the seller embeds the fingerprint in the digital data, the protocol uses the homomorphic encryption scheme. Thus the seller cannot know the buyer's fingerprint and the buyer's anonymity is guaranteed by using anonymous key pair.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.9C
• /
• pp.1345-1351
• /
• 2004

Due to the overwhelming importance the Internet gained nowadays, more and more sophisticated security services are requested. However many applications such as Internet Banking, Home Trading System, Electronic Medical Recede, electronic commerce, etc. are related to non-repudiation. Non-repudiation services are one of these new security requirements. ill comparison to other security issues, such as privacy or authenticity of communications, non-repudiation has not been studied intensively. Informally, we say that a protocol is fair if at the end of the protocol execution either originator receives a non-repudiation of receipt evidence and recipient receives a non-repudiation of origin evidence or none of them receives any valid evidence. The most non-repudiation protocols rely on a trusted third party(TIP) that has to intervene during each protocols run. the TIP may create a communication bottleneck. ill this paper, we suggest the digital signature recorder that guarantees fairness logically and supplies minimal network bottleneck to be composed verification server physically.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.3
• /
• pp.568-574
• /
• 2015

Recently RFID not only is widely utilized in various fields such as inventory management, merchandize logistics, etc., but also, has evolved as an important component of the Internet of Things (IoT). According to increasing the utilization field of RIFD, studies for security and privacy for RFID system have been made diverse. Among them, the ownership transfer protocols for RFID tags have also been proposed in connection with the purchase of products embedded with RFID tag. Recently, Kapoor and Piramuthu proposed a RFID ownership transfer protocol to solve the problems of security weakness of the previous RFID ownership transfer protocols. In this paper, we show that Kapoor-Piramuthu's protocol also has security problems and provide a new protocol to resolve them. Security analysis of newly proposed protocol shows the security concerns are resolved.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.825-834
• /
• 2003

In this paper, we propose a new certified e-mail system which reduces user's computational overhead and distributes confidentiality of TTP(Trusted Third Partty). Based on the traditional cryptographic schemes and server-supported signiture for fairness and confidentiality of message, we intend to minimize to computation overhead of mobile device on public key algorithm. Therefore, our proposal becomes to be suitable for mail user sho uses mobile devices such as cellular phone and PDA. Moreover, the proposed system is fault-tolerant, secure against mobile adversary and conspiracy attack, since it is based on the threshold cryptography on server-side.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.10
• /
• pp.2862-2882
• /
• 2023

With the development of networking technology, it has become common to use various types of network services to replace physical ones. Among all such services, electronic voting is one example that tends to be popularized in many countries. However, due to certain concerns regarding information security, traditional paper voting mechanisms are still widely adopted in large-scale elections. This study utilizes blockchain technology to design a novel electronic voting mechanism. Relying on the transparency, decentralization, and verifiability of the blockchain, it becomes possible to remove the reliance on trusted third parties and also to enhance the level of trust of voters in the mechanism. Besides, the mechanism of blind signature with its complexity as difficult as solving an elliptic curve discrete logarithmic problem is adopted to strengthen the features related to the security of electronic voting. Last but not least, the mechanism of self-certification is incorporated to substitute the centralized certificate authority. Therefore, the voters can generate the public/private keys by themselves to mitigate the possible risks of impersonation by the certificate authority (i.e., a trusted third party). The BAN logic analysis and the investigation for several key security features are conducted to verify that such a design is sufficiently secure. Since it is expected to raise the level of trust of voters in electronic voting, extra costs for re-verifying the results due to distrust will therefore be reduced.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.40 no.4
• /
• pp.22-29
• /
• 2003

In the virtual home environment (VHE), which was proposed to offer global roaming and personal service environment portability, user's profiles and service logics are conveyed from home network to visited network to provide services at the visited network. Because user's profiles and service logics may contain confidential information, some procedures for mutual authentication among entities for offering confidence are needed. For these issues, we propose and analyze three 3-Party mutual authentication Protocols adaptable to the VHE in 3G ; password based mutual authentication protocol, mutual authentication protocol with CHAP and key exchange and mutual authentication protocol with trusted third party.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.75
• /
• pp.137-158
• /
• 2017

Traditional banking systems of transactions are being replaced by FfinTech. Block Chain System can be a key point in Fourth Industrial Revolution such as AI, Big Data, IOT and also can be used as a tools of smart contract or smart payment systems in International Trade. If banking regulation is to be liberalized FinTech would be more activated in Korea and various attempts would be available especially smart payment in business. There are so many levels to be achieved from the time of contract to the time of clearance. We cannot expect speed and range of IT advancement and international trade, Block Chain system will challenge the traditional banking process. First, Block Chain Payment system can be used in P2P, B2B transaction and also T/T in small business. Second, Bit Coin transaction can be available within the parties without the Trusted Third Party. Third, By using of Block Chain system Traditional International Trade process can be altered.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.8
• /
• pp.3852-3864
• /
• 2016

Patients' health data is very sensitive and the access to individual's health data should be strictly restricted. However, many data consumers may need to use the aggregated health data. For example, the insurance companies needs to use this data to setup the premium level for health insurances. Therefore, privacy-preserving data aggregation solutions for health data have both theoretical importance and application potentials. In this paper, we propose a privacy-preserving health data aggregation scheme using differential privacy. In our scheme, patients' health data are aggregated by the local healthcare center before it is used by data comsumers, and this prevents individual's data from being leaked. Moreover, compared with the existing schemes in the literature, our work enjoys two additional benefits: 1) it not only resists many well known attacks in the open wireless networks, but also achieves the resilience against the human-factor-aware differential aggregation attack; 2) no trusted third party is employed in our proposed scheme, hence it achieves the robustness property and it does not suffer the single point failure problem.

• Journal of Korea Society of Industrial Information Systems
• /
• v.10 no.3
• /
• pp.7-14
• /
• 2005

There are lots of XML security researches as growing importance of XML. Apvrille and Girier proposed a XML signature schema with a time stamping protocol(TSP) to support timeliness. However, the security of the timeliness in their schema depends on only a trusted security authority(TSA). To solve this problem, they suggested a solution by the distributed and linked model, but their solution has a big overhead. This paper proposes a new XML signature schema to solve the overhead problem. The proposed signature schema can offer the timeliness by the XML signature schema with user's timestmap and it solve the TSA's security problem.