• Title/Summary/Keyword: Web security


A Study on the on-line Dispute Resolution for the E-Trade (전자무역의 분쟁해결방안에 관한 연구)

  • 이상옥
    • Journal of Arbitration Studies / v.13 no.2 / pp.425-457 / 2004
  • This study approaches e-Trade issues and how to settle disputes in e-Trade through the on-line Alternative Dispute Resolution (ADR) process. Most on-line systems operate on a limited access basis. The increasing use of the internet to do business brings to light at least important concerns to persons who engage in commerce on-line, or e-Trade. There is some concern about the limits of current internet technology to guarantee the security of e-Trade. The new technology has transformed society and is defining new ways of doing business. This revolution in technology has even changed the nature of many of the goods and services that are the subjects of e-Trade. There is also concern about the limits of the legal framework to guarantee the enforcement of e-Trade. A significant issue is how the law should be adapted to reflect business practices regarding such cyberspace agreements as Web site click-on agreements, e-data interchange, and on-line sales. The principal benefit of on-line ADR is that it should typically be faster and less expensive than traditional conciliation arbitration. The on-line ADR system has several significances: decreasing inappropriate costs such as the time and burden of ADR, and providing an approachable measure of relief and a more efficient tool for the settlement of disputes. Therefore, on-line ADR could be used as an adjunct resolution process in large class actions where each single claim is small, but varies somewhat, thus requiring some individual fact determination.


The Mitigation Model Development for Minimizing IT Operational Risks (IT운영리스크 최소화를 위한 피해저감모델 구현에 관한 연구)

  • Lee, Young-Jai;Hwang, Myung-Soo
    • Journal of Information Technology Applications and Management / v.14 no.3 / pp.95-113 / 2007
  • To minimize IT operational risks and the opportunity cost of lost business hours, it is necessary to have preparedness in advance and mitigation activities to minimize losses due to business discontinuity. There are few cases in which banks have a policy on systematic management, system recovery and protection activities against system failure, and most developers and system administrators respond based on their experience and instinct. This article focuses on the development of a mitigation model for minimizing disk unit incidents among IT operational risks. The model is represented by a network model composed of the following three items: (1) the risk factors (causes, attributes and indicators) of IT operational risk; (2) a periodic time interval obtained through an analysis of historical data; (3) an index or operational regulations related to the examination of the causes of an operational risk. This article will be helpful when an enterprise needs to hierarchically analyze risk factors from various fields of IT (information security, information telecommunication, web application servers and so on) and develop a mitigation model, and it will also contribute to the reduction of operational risks in information systems.


Groupware Current Status Analysis Ⅰ (그룹웨어의 현황 분석 Ⅰ)

  • Kim, Sun-Uk;Gim, Bong-Jin
    • IE interfaces / v.10 no.3 / pp.75-93 / 1997
  • Unlike individual applications, it is extremely hard to obtain user requirements for group systems, since there exist very complicated dynamics in groups. This may result in the spread of a great number of products with a broad range of contents. Thus, this study presents a comparative analysis of groupware products. As a result, these products have been categorized into three areas, which include cooperation/document management systems, collaborative writing systems, and decision-making/meeting systems. While the systems reviewed here focus on the cooperation/document management systems, the other two areas will be dealt with in detail in Part Ⅱ. The first area ends up with two large categories: proprietary groupware products and intranet groupware products. However, it has been observed that there is a natural convergence between these two categories. Consequently, the comparative analysis has been performed in terms of the functions provided in the two categories and a combined category. Each group of functions has been divided into three parts, which consist of basic functions, quasi-basic functions, and others. This decision has been made based on the frequency rate of the functions provided in the products. With a stricter rule, the basic functions comprise electronic mail, sanction, bulletin board, document management, scheduling, security, Web browser, and Internet connectivity. This study also provides a framework for an integrated functional model of groupware systems. The basic functions are merged into the model. However, the model is so flexible that it can partially include the quasi-functions in addition to the basic functions. In the future, it is expected that a large number of products will stem from the modification of the functional model.


Development of the Jini Surrogate-based Broadband PLC Home Controller (Jini Surrogate에 기반한 광대역 PLC 홈 제어기 개발)

  • Kim Hee-Sun;Lee Chang-Goo
    • Journal of Institute of Control, Robotics and Systems / v.12 no.1 / pp.1-8 / 2006
  • The home network system guarantees families a safe, economical, socially integrated and healthy life by using information appliances. It provides a family with domestic safety, control of instruments, controllable energy and health monitoring by connecting to home appliances. This study designs the broadband PLC home controller using broadband PLC (Power Line Communication) technology, which can save much of the cost of network infrastructure by using the existing power line at home. The broadband PLC home controller consists of the broadband PLC module, the embedded main controller module and the I/O module. The broadband PLC home controller can control various domestic appliances such as an auto door-lock, a boiler, an oven, etc., because it has various I/O specifications. In this study, the home network middleware selected for the broadband PLC home controller is the Jini surrogate, which uses Jini technology designed to give easy access to a home network system without limitation on the devices. A client application program is supported by a Java servlet program to manage and monitor the broadband PLC home controller via the web browser of a PC, a PDA, etc. Finally, as an application, we implemented and tested a home security system using one broadband PLC home controller.

Automatic Attack Reaction Tool Based on IPv6 (IPv6 기반 자동화된 공격 대응도구)

  • Lee Hong-Kyu;Koo Hyang-Ohk;Kim Sun-Young;Kim Young-Gi;Oh Chang-Suk
    • Journal of the Korea Society of Computer and Information / v.10 no.3 s.35 / pp.249-257 / 2005
  • This paper proposes an automated attack reaction tool based on IPv6. Currently, much research is being performed that focuses on application programs and standardization for IPv6, but it is not enough for future IPv6 security. The proposed method detects attacks on IPv6 and conventional IPv4; therefore it is possible to protect personal information using an automated reaction method. Usually, an IDS just performs detection, and therefore damage may be repeated. This paper considers the problems described above and suggests a solution for them. The algorithm proposed in this paper is simulated on an IPv6 network based on Linux. As a simulation result, it is proved that the proposed algorithm can detect attacks efficiently.


A Brokered Authentication Scheme Based on Smart-Card for Multi-Server Authentication (다중서버 인증을 위한 스마트카드 기반 중재 인증 기법 연구)

  • Kim, Myungsun
    • The Journal of Korean Institute of Communications and Information Sciences / v.38B no.3 / pp.190-198 / 2013
  • Since the facilities for remote users tend to be deployed in a distributed manner, authentication schemes for multi-server communication settings, which provide various web services, are required for real-world applications. A typical way to authenticate a remote user relies mostly on password authentication. However, this method is vulnerable to attacks and inconvenient, as the system requires users to maintain different identities and corresponding passwords. On the other hand, the user can make use of a single password for all servers, but she may be exposed to variants of malicious attacks. In this paper, we propose an efficient and secure authentication scheme based on brokered authentication along with smart-cards in a multi-server environment. Further, we show that our scheme is secure against possible attacks and analyze its performance with respect to communication and computational cost.

Implement of XML-Based Authorization Policy Module (XML 기반 권한 정책 모듈 구현)

  • Shin Myeong-Sook;Lee Joon
    • Journal of the Korea Institute of Information and Communication Engineering / v.9 no.8 / pp.1762-1767 / 2005
  • PKI provides good solutions for authenticating users in situations where the parties do not meet each other, but it is not enough to provide a solution for authorization in distributed computing environments. Especially, we offer a variety of forms of user Authentication, Integrity and the Non-Repudiation security service, but an authorization policy, because of its complexity with a lot of information, uses understandable XML to make a certificate that is simple and easy to read, and we get the information from the DOM tree and easily perform XML analysis and use standardized methods. In this paper, we provide the AAS model, which can be used as a solution for distributed users' authorization, and we implement an authorization policy module using XML on a Linux-based Apache Web server.

Risk Analysis for Protecting Personal Information in IoT Environments (사물인터넷(IoT) 환경에서의 개인정보 위험 분석 프레임워크)

  • Lee, Ae Ri;Kim, Beomsoo;Jang, Jaeyoung
    • Journal of Information Technology Services / v.15 no.4 / pp.41-62 / 2016
  • In the Internet of Things (IoT) era, more diverse types of information are collected and the environment of information usage, distribution, and processing is changing. Recently, there have been a growing number of cases involving breach and infringement of personal information in IoT services, for example, data breach incidents of Web cam services or drones and hacking cases of smart connected cars or individual monitoring services. With the evolution of IoT, concerns about personal information protection have become a crucial issue, and thus the risk analysis and management method for personal information should be systematically prepared. This study shows risk factors in IoT regarding possible breach of personal information and infringement of privacy. We propose "a risk analysis framework of protecting personal information in IoT environments" consisting of the asset (personal information type and sensitivity) subject to risk, threats of infringement (device, network, and server points), and the social impact caused by the privacy incident. To verify this proposed framework, we conducted a risk analysis of IoT services (smart communication device, connected car, smart healthcare, smart home, and smart infra) using this framework. Based on the analysis results, we identified the level of risk to personal information in IoT services and suggested measures to protect personal information and appropriately use it.

Design and Implementation of School Affairs Management System using PHP on the Internet (인터넷 상에서 PHP를 이용한 학사관리 시스템의 설계 및 구현)

  • Moon, Jin-Yong;Koo, Yong-Wan
    • The Transactions of the Korea Information Processing Society / v.7 no.10 / pp.3148-3154 / 2000
  • In this paper, the design and implementation of the on-line registration system for school affairs is described. The environment for the system configuration includes a PC server under the Linux Operating System, the Apache Web server, and MySQL as the database engine. In addition, PHP, which has lately become a popular Internet server-based script language, is used to implement a real-time database. In order to avoid overload problems during the short-term registration period, which demonstrates the typical surge of traffic, the proposed system is designed to minimize unnecessary interfacing tasks. For administrator-side tasks, the system is designed to have environments that separate the dedicated server, which restricts the scope of specific database tasks. In doing so, it becomes possible to build an optimal system by distributing and balancing the transaction load while maintaining security and efficient administrative tasks.


Web-based Automated Network Service Security Vulnerability Analysts & Management System (웹 기반의 자동화된 네트워크 서비스 보안 취약성 분석 및 관리 시스템)

  • Lim, Mun-Hee;Yang, Jin-Suck;Kim, Hyun-Ku;Chang, Beom-Hwan;Chung, Tai-Myung
    • Proceedings of the Korea Information Processing Society Conference / 2002.04b / pp.853-856 / 2002
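  • Periodically checking the security state of systems connected to the vast network that is the Internet, and remedying the parts that are vulnerable to attack from outside, is the most basic task in defending against attacks. However, in a network management system where numerous hosts are interconnected, it is quite difficult for an administrator to be aware of every security vulnerability of each system and to remediate them. Therefore, vulnerability analysis by an automated management tool is more efficient than vulnerability analysis performed manually by the administrator. Accordingly, in this paper we designed and implemented a system that remotely analyzes vulnerabilities of the network services HTTP and SMTP. WAVAMS can quickly analyze the most recent vulnerabilities and is highly extensible, owing to the addition of dynamic analysis modules through the movement of mobile code that is independent of the agent. In addition, it is designed to be web-based so that administrators can manage it easily.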
