• Journal of Korea Society of Industrial Information Systems
• /
• v.11 no.5
• /
• pp.53-61
• /
• 2006

We propose public-oriented e-Marketplace framework construction that activates efficiently transaction of non-metal industrial resources through the case of Mineralland. The firms of Non-metal industrial resources domain have low information level and weak capital structure. So public enterprise has to construct e-marketplace to trade using exact market information. This framework consists of five domains-contents, commerces, communities, collaboration and electronic authentication. To draw this framework, we review many web-sites and literatures about B2B of industrial resources domain. In addition, this study provides practical implications and guidelines for activating public oriented e-Marketplace of non metal industrial resources.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.4
• /
• pp.838-847
• /
• 2017

CNG which was released as a substitute of the previous CAPI (Cryptography API) library from Microsoft is constructed with individual modules based on the plug-in architecture, this means CNG is exceedingly helpful in the cost of development as well as the facility of extension. On the opposite side of these advantages, considerations on security issues are quite insufficient. Therefore, a research on security assurance is strongly required in the environment of distributing and utilizing the CNG library, hence, we analyze possible security vulnerabilities on the CNG library. Based on analyzed vulnerabilities, proof-of-concept tools are implemented and vulnerabilities are verified using them. Verified results are that contents of mail, account information of mail server, and authentication information of web-sites such as Amazon, E-bay, Google, and Facebook are exposed in Outlook program and Internet Explorer program using CNG library. We consider that the analyzed result in this paper can improve the security for various applications using CNG library.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.12
• /
• pp.2601-2608
• /
• 2010

It is difficult to merge text document and to remake use of documents on the most collaborative document authoring system using text document, and also to provide the storage place for saving and keeping documents. It has vulnerable drawbacks about the security though it provides the accessible abilities due to basing it on Web. In this paper, we design and implementation the collaborative document authoring system for XML document to improve a couple of problems on these systems. For these, we based on the DOM to manipulate the modeling object documents and utilized RMI on this system without considering socket communication when it transmits and receives Java objects. We improved the security through processes of authentication. By providing templates and editing functions such as annotation, visualization of document structures, we made easier making collaborative document authoring more than ever.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.453-456
• /
• 2016

Recently, IoT technologies attract much attenction in medical area. Previous medical IoT had focused mainly on chronological diseases or fitness for particular users. Contrarily, medical use of the IoT technologies is now extended for medical institutes and hospitals to care intensively in-house patients, which requires typically more strict and reliable data delivery and security, authentication and authorization. This study defines scenario of the medical IoT for the intensive care and proposes an architecture of the medical IoT services. We implement a testbed using commerical sensors and Arduino board together with a Web-based platform. Experiment results on the testbed show that our approach can be feasible for the medical system in terms of latency and accuracy in medical data delivery.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.104-114
• /
• 2006

In order to use an Internet service, it is a general procedure that user subscribes to the service and then registers her or his id(identifier). As Internet has been more widely used, however, user has more and more ids than ever before. In this environments, whenever user uses an Internet service, she or he must authenticate to the service provider, which makes her or him inconvenient. As user's data is scattered and unmanaged on various web sites, user privacy has been revealed more often. This paper specifies e-IDMS which ETRI has been developing to solve such problems. e-IDMS is an Internet ID(IDentity) management system based on ID Federation Mechanism e-IDMS provides ID Federation-based facilities such as composite authentication, Internet SSG, ID information management, privacy protection and interactive query. e-IDMS is used in establishing integrated ill management system for public institutions.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.12
• /
• pp.163-173
• /
• 2010

PKI(Public Key Infrastructure)-based information certification technology has some limitations to be universally applied to mobile banking services, using smart phones, since PKI is dependent on the specific kind of web browser, Internet Explorer. OTP(One Time Password) is considered to be a substitute or complementary service of PKI, but it still shows low acceptance rate. Therefore, in this research, we analyze why OTP has not been very popular, and provide useful implications of making OTP more extensively and frequently used in the mobile environment. Perceived security of OTP was set as a higher-order construct of integrity, confidentiality, authentication, and non-repudiation. Research findings show that security awareness and perceived security of OTP is positively associated, and the relationship between perceived security and trust on OTP is statistically significant. Also, trust is positively related to intention to use OTP continuously.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.1
• /
• pp.898-901
• /
• 2005

In this paper, we design an authorization policy module which provides the safty and reliable authorization of the user to provide the resolution for authorization in distributed environments. PKI have been utilized much by an information security-based structure for Internet electronic commerce, it is developing X.509-based in various application field such as a network security. Especially, it provides good resolution for the authentication of the user in the situation not to meet each other, but it is not enough to provide the resolution of the authorization in distributed computing environments. In this paper, We provide AAS model, which can be used distributed resources by distributed users, and design AAS model which is an authorization policy module in the Linux-based Apache Web server.

• Journal of Practical Engineering Education
• /
• v.13 no.2
• /
• pp.301-304
• /
• 2021

In this study, we developed a module that can perform two functions at the same time through interworking between a personal recognition module and a heat detection module in the era of COVID-19. This can simultaneously solve the problem of compatibility of the personal recognition module that occurs in the existing system and the problem of secondary infection that can occur during congestion due to the separate implementation of heat detection. Therefore, in this study, NFC and Bluetooth motherboards were developed, and an array-type non-contact temperature sensor was applied to detect heat. The developed system is expected to be able to realize both access control of floating population and effective quarantine at the same time in public institutions or private companies that require AI automated access control. In addition, it is judged that it is possible to link the embedded programming and web programming implementation method using the module of the development system to the educational program.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.2
• /
• pp.303-308
• /
• 2019

Spring framework is widely used as a base technology for e-government frameworks and to the extent it is a standard for web service development tools of Korean public institutions. However, recently, a remote code execution vulnerability(CVE-2018-1270) was found in an application using a spring framework. This paper proposes a method of analyzing the vulnerability experiment using a hacking scenario, Proof Of Concept(POC), in which the spring framework is a hazard to the server. We propose the patch to version 4.3.16 and version 5.0.5 or later as an ultimate response. It is also expected that the proposed experiment analysis on vulnerability of hacking scenario will be used as a data for improving performance of security programs and establishing a new authentication system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.283-293
• /
• 2012

A new type of malware that extracts personal and account data over an extended period of time and that apparently is resistant to detection by vaccines has been identified. Generally, a malware is installed on a computer through network-to-network connections by utilizing Web vulnerabilities that contain injection, XSS, broken authentication and session management, or insecure direct-object references, among others. After the malware executes registration of an arbitrary service and an arbitrary process on a computer, it then periodically communicates the collected confidential information to a hacker. This paper is a systematic approach to analyzing a new type of malware called "winweng," a kind of worm that frequently made appearances during the first half of 2011. The research describes how the malware came to be in circulation, how it infects computers, how its operations expose its existence and suggests improvements in responses and countermeasures. Keywords: Malware, Worm, Winweng, SNORT.