• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.2149-2152
• /
• 2003

전자상거래에 관련된 데이터 교환이 인터넷 상에서 쉽고 원활하게 이루어질 수 있도록 하는 어플리케이션에 적합한 언어로 평가받고 있는 XML은 문서의 데이터 포맷 표현을 향상시키는데 중점을 두고 만들어졌기 때문에 문서 변조 및 데이터 삭제 등의 공격에 취약한 문제점을 가지고 있다 이러한 문제점에 대한 해결책으로 XML 전자 서명, XML 암호화 기법, XML 접근 제어와 같은 다양한 해결책이 제시되었지만 XML 암호화로 인한 구조적인 XML 유효성 위반 문제 및 DTD 공격에 대한 해결책 부재 등의 문제점이 해결되지 않고 있다. 본 연구에서는 XML 문서에만 전자서명을 첨부하는 것이 아니라. DTD에 전자 서명을 첨부하는 방법을 제안하였다. 먼저 DTD파일을 끝까지 읽으면서 파싱을 하고 여기서 추출되는 엘리먼트나 속성, 엔티티들을 해시테이블에 저장한다. 파싱이 종료되면 해시 테이블을 읽어 들여서 메시지 다이제스트를 수행한다. 수행 후 이를 개인 키와 합성하여 전자 서명을 생성한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.04a
• /
• pp.407-410
• /
• 2001

EDI 시스템은 많은 기업들에게 정보통신기술을 활용하여 업무처리시간 및 비용을 절감하고, 품질을 향상시키기 위한 대안으로 사용되어졌다. 그리고, 인터넷으로 인해 세계 어느 곳에서나 필요한 정보를 볼 수 있게 되었으며, 그 와중에 차세대 EDI 시스템들이 출현하였다. 그 중 다양한 문서구조 표현이 가능한 XML 을 활용한 XML/EDI 가 급속하게 확산되었다. 이러한 시스템들은 네트워크를 통해 정보가 전달되므로 보안에 아주 예민하다. 보안 서비스에도 여러 가지가 있지만 전자서명은 큰 비중을 차지한다. 현재 공개키 암호 알고리즘을 이용한 일반적인 전자 서명을 사용하고 있으나 웹에서 표준화가 되어 가고있는 XML 을 이용한 전자서명 기법이 W3C 에서 제안되어 표준화가 진행되고 있으며 이는 EDI 시스템에서 아주 유용하게 이용 가능한 기술이다. 본 논문에서는 전자 문서 교환에 있어서 중요하다고 할 수 있는 XML 전자서명을 XML/EDI 에 적용하여 시스템을 설계하였다.

• Journal of Korea Multimedia Society
• /
• v.8 no.11
• /
• pp.1520-1530
• /
• 2005

As XML is recognized as a prevalent standard for document representation and exchange in the Internet, the need for security of XML becomes very important issue. Until now researches on XML security have been focused on confidentiality or integrity like encryption and digital signature technology. But, as XML data becomes more massive and complicated, it requires managerial security that decided access permit or deny by the authority oi user who is using the XML data. Thus it requires models and mechanisms enabling the specification and enforcement of access control policies for XML documents. In this paper, we suggest the new access control model and mechanism that separate XML documents by access level, assign roles to each user by applying Role Based Access Control (RBAC) and perform access control to specific documents by encrypting each section with roles. The method, we suggested, has an advantage that it does not need to update the whole keys used in encryption process by updating only the relations between appropriate secure layers.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.3
• /
• pp.808-817
• /
• 2000

Component specification languages in consideration of reuse are essential factor in classification, verification and retrieval of components. A number of legacy specification languages have already been used, however, they are complex and include many necessary elements in the specification for implementation. In this paper, we present XML-based component specification and software architecture specification language to solve these problems of legacy specification languages. The presented specification languages consist of component specification, which is composed of signature specification, interface specification and message specification, and software architecture specification providing graphical notations and textural notations. Component specification supports component retrieval with behavioral match and black-box reuse of component. In addition to this, it improves the efficiency of retrieval and document management with XML-based component specification. Software architecture specification supports the structural reuse of architecture, which is white-box reuse, through mesage-based architecture specification.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.544-547
• /
• 2008

The Growth of Multimedia Digital Content market is extending to IP network environment. this is realized via IPTV service which provide Triple-Service that is broadcasting, communication, telephone service. Recently on IPTV Settop box has fixed key for control access permission. and this is cause of Wasting resource to operation and management. it can be resolved to apply DRM System which mixed MPEG-21 REL(Rights Expression Language) and XML Signature. In this paper, we designed Permission Management Module for IPTV Service which can control permission to access via MPEG-21 and XML Signature.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.8
• /
• pp.1855-1860
• /
• 2010

This paper describes construction of web services system for secure message transmission appling web services standards. This system composes single sign on module, SSL module and secure message module. We applied these modules to price comparison site. Single sign on module used SAML standards. This module was designed, in order to provide authentication and authorization. As SSL module processes message encryption among end to end, messages of this system are secure. Secure message module is designed according to WS-Security standards and processes authentication, XML signature and XML encryption.

• Journal of KIISE:Computing Practices and Letters
• /
• v.11 no.6
• /
• pp.531-537
• /
• 2005

The Tunnel Broker is to provide dedicated servers and to automatically manage tunnel requests coming from the users. This approach is useful to stimulate the growth of IPv6 interconnected hosts and to provide easy access to their IPv6 networks. However, the existing tunnel broker is vulnerable to attacks of malicious users about network resources and services. Therefore, to solve the secure problem of tunnel broker, this paper presents secure IPv6 tunnel broker based on TSP(Tunnel Setup Protocol). The clients and the tunnel broker are communicated based on SHTTP(Secure HTTP) and the XML message of plain text is converted to XML signature by encryption and decryption. finally, Clients and tunnel server use the IPsec method to protect the important information.

• The Journal of Information Systems
• /
• v.10 no.1
• /
• pp.127-146
• /
• 2001

The area of business applications in the internet are extended enormously in result of fast development of computing and communication technologies, increase of internet use, and use of intranet/extranet in enterprise information system. Widely spread the use of the internet, there are various applications for Business to Business (B to B) or Business to Customer(B to C) model that are based on the intranet or extranet. This paper designed and implemented the Web-based Electronic Bidding System for Business to Business (B to B) model. The technical issues of electronic bidding system in the internet are involved in the connection between web client and server, electronic data interchange for the contract document, and security solution during the bidding and contracting processes. The web-based electronic bidding system in this paper is implemented using Java applet and servlet as a connection interface for web client and server, XML/EDI-based documents for a bid and a contract, and bidding server and notary server for enhancing the security using PKI(Public Key Infrastructure)-based public key cryptography, digital signature and Certification Authority(CA).

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.1169-1172
• /
• 2004

웹서비스의 보안정책은 전송계층과 어플리케이션 계층 두 부분에 적용되고 있으며, 분산 어플리케이션간 통신을 할 경우 데이터에 대한 암호화와 인증처리가 가장 중요한 부분이 될 것이다. 본 논문에서 제안한 시스템은 웹서비스 작업에서 클라이언트의 요청을 XML 서명 후 전송하여 요청을 받은 서버측에서 응답을 하기 전 정당한 클라이언트인가를 검증하는 단계를 거친다. 이렇게 함으로써 웹서비스 환경에서의 SOAP을 이용한 메시지계층 보안을 한층 강화시키려는 목적이다.

• The KIPS Transactions:PartC
• /
• v.10C no.5
• /
• pp.575-584
• /
• 2003

Due to hardware resource limit and system incompatibility of the mobile device, and low bandwidth of wireless communication, there are a few difficulties in introducing the digital contract system based on wired communication to M-Commerce. To get over the difficulties, this paper defines a digital contract based upon XML and then addresses the design and implementation of M-XContract, a digital contract system for the mobile environment. M-XContract system has been constructed with the digital contract server, M-ESign module which contracts with the customer on the PDA and transfers the contract digitally signed to the server, M-EDecoder module which shows the contract to the customer from the server, and X-Auth which is a contract authoring tool. To evaluate the run-time performance of the M-XContract, we measured the digital signature generation time and transfer time to the server. The evaluation results show that the M-Xcontract is an efficient model for the mobile contract system.