• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.2
• /
• pp.23-36
• /
• 2005

The main obstacle hindering the wide deployment of identity-based cryptosystem is that the entity responsible for creating the private key has too much power. As a result, private keys are no longer private. One obvious solution to this problem is to apply the threshold technique. However, this increases the authentication computation, and communication cost during the key issuing phase. In this paper, we propose a new effi ient model for issuing multiple private keys in identity-based encryption schemes based on the Weil pairing that also alleviates the key escrow problem. In our system, the private key of a user is divided into two components, KGK (Key Description Key) and KUD(Key Usage Desscriptor), which are issued separately by different parties. The KGK is issued in a threshold manner by KIC (Key Issuing Center), whereas the KW is issued by a single authority called KUM (Key Usage Manager). Changing KW results in a different private key. As a result, a user can efficiently obtain a new private key by interacting with KUM. We can also adapt Gentry's time-slot based private key revocation approach to our scheme more efficiently than others. We also show the security of the system and its efficiency by analyzing the existing systems.

• Journal of Convergence for Information Technology
• /
• v.11 no.2
• /
• pp.31-40
• /
• 2021

Blockchain technology is also actively studied in the real estate transaction field, and real estate transactions have various ways. In this paper, we propose a model that simplifies the authentication procedure of auction systems using Ethereum's Ether to solve the problem of offline court auctions. The proposed model is written in Ethereum's Solidity language, the court registers the sale date and the sale date with the DApp browser, and the bidder accesses the address of the individual's wallet created through Metamask's private key. The bidder then selects the desired sale and enters the bid price amount to participate in the auction. The bidder's record of the highest bid price for the sale he wants is written on the Ethereum test network as a smart contract. and creates a block. Finally, smart contracts written on the network are distributed by the court auction manager to all nodes in the blockchain network, and each node in the blockchain network can be viewed and contract verified. As a result of analyzing the smart contracts of the proposed model and the performance of the system, there are fees incurred due to the creation and use of Ether on platforms using Ethereum, and participation. Ether's changes in value affect the price of the sale, resulting in inconsistent fees in smart contracts each time. However, in future work, we issue our own tokens to solve the market volatility problem and commission problem with the value change of Ether, and refine complex court auction systems.

• Journal of Intelligence and Information Systems
• /
• v.12 no.1
• /
• pp.1-15
• /
• 2006

In Korea, a resident registration card has various personal information such as a present address, a resident registration number, a face picture and a fingerprint. A plastic-type resident card currently used is easy to forge or alter and tricks of forgery grow to be high-degree as time goes on. So, whether a resident card is forged or not is difficult to judge by only an examination with the naked eye. This paper proposed an automatic recognition method of a resident card which recognizes a resident registration number by using a refined ART2-based RBF network newly proposed and authenticates a face picture by a template image matching method. The proposed method, first, extracts areas including a resident registration number and the date of issue from a resident card image by applying Sobel masking, median filtering and horizontal smearing operations to the image in turn. To improve the extraction of individual codes from extracted areas, the original image is binarized by using a high-frequency passing filter and CDM masking is applied to the binaried image fur making image information of individual codes better. Lastly, individual codes, which are targets of recognition, are extracted by applying 4-directional contour tracking algorithm to extracted areas in the binarized image. And this paper proposed a refined ART2-based RBF network to recognize individual codes, which applies ART2 as the loaming structure of the middle layer and dynamicaly adjusts a teaming rate in the teaming of the middle and the output layers by using a fuzzy control method to improve the performance of teaming. Also, for the precise judgement of forgey of a resident card, the proposed method supports a face authentication by using a face template database and a template image matching method. For performance evaluation of the proposed method, this paper maked metamorphoses of an original image of resident card such as a forgey of face picture, an addition of noise, variations of contrast variations of intensity and image blurring, and applied these images with original images to experiments. The results of experiment showed that the proposed method is excellent in the recognition of individual codes and the face authentication fur the automatic recognition of a resident card.

• Journal of Intelligence and Information Systems
• /
• v.18 no.3
• /
• pp.97-117
• /
• 2012

Nowadays, Internet users tend to do a variety of actions at the same time such as web browsing, social networking and multimedia consumption. While watching a video, once a user is interested in any product, the user has to do information searches to get to know more about the product. With a conventional approach, user has to search it separately with search engines like Bing or Google, which might be inconvenient and time-consuming. For this reason, a video annotation platform has been developed in order to provide users more convenient and more interactive ways with video content. In the future of smart TV environment, users can follow annotated information, for example, a link to a vendor to buy the product of interest. It is even better to enable users to search for information by directly discussing with friends. Users can effectively get useful and relevant information about the product from friends who share common interests or might have experienced it before, which is more reliable than the results from search engines. Social networking services provide an appropriate environment for people to share products so that they can show new things to their friends and to share their personal experiences on any specific product. Meanwhile, they can also absorb the most relevant information about the product that they are interested in by either comments or discussion amongst friends. However, within a very huge graph of friends, determining the most appropriate persons to ask for information about a specific product has still a limitation within the existing conventional approach. Once users want to share or discuss a product, they simply share it to all friends as new feeds. This means a newly posted article is blindly spread to all friends without considering their background interests or knowledge. In this way, the number of responses back will be huge. Users cannot easily absorb the relevant and useful responses from friends, since they are from various fields of interest and knowledge. In order to overcome this limitation, we propose a method to filter a user's friends for information search, which leverages semantic video annotation and social networking services. Our method filters and brings out who can give user useful information about a specific product. By examining the existing Facebook information regarding users and their social graph, we construct a user profile of product interest. With user's permission and authentication, user's particular activities are enriched with the domain-specific ontology such as GoodRelations and BestBuy Data sources. Besides, we assume that the object in the video is already annotated using Linked Data. Thus, the detail information of the product that user would like to ask for more information is retrieved via product URI. Our system calculates the similarities among them in order to identify the most suitable friends for seeking information about the mentioned product. The system filters a user's friends according to their score which tells the order of whom can highly likely give the user useful information about a specific product of interest. We have conducted an experiment with a group of respondents in order to verify and evaluate our system. First, the user profile accuracy evaluation is conducted to demonstrate how much our system constructed user profile of product interest represents user's interest correctly. Then, the evaluation on filtering method is made by inspecting the ranked results with human judgment. The results show that our method works effectively and efficiently in filtering. Our system fulfills user needs by supporting user to select appropriate friends for seeking useful information about a specific product that user is curious about. As a result, it helps to influence and convince user in purchase decisions.

• Journal of KIISE:Information Networking
• /
• v.34 no.5
• /
• pp.405-422
• /
• 2007

Recently, according to the network environment, there are many researches for home network. Nowadays, in home network, the method that access control policy is managed for each home device by using ACL is popular, and EAM (Extranet access management) is applied as a solution. In addition, the research about secure OS is ongoing based on open operating system and the research of user authentication mechanisms for home network using home server is also in progress. However, these researches have some problems as follows; First, the transmission scope of expected access technology in home network is wide, so unauthenticated outside terminal can access the home network. Second, user is inconvenient because user need to set the necessary information for each device. Third, user privacy and convenience are not considered. OSGi provides a service platform for heterogeneous technologies in home network environment. Here, user access control is one of the core parts which should have no problems such as above items, but there are no concrete researches yet. Thus in this paper, we propose an access control policy management framework and access control operation based on RBAC for user access control in home network environment in which OSGi service platform is operated. First, we list the consideration which is not clearly mentioned in OSGi standard, and then we solve these above problems through new framework. In addition, we propose the effective and economical operation method which reduces the policy change frequency for user access control by using RBAC concept though limited resource of home gateway. Besides, in this paper, these proposed policies are defined separately as user-role assignment policy and permission-role assignment policy, and user decide their own policies. In conclusion, we provide the scheme to enhance the user convenience and to solve the privacy problem.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.4
• /
• pp.975-983
• /
• 1998

In these days, information communication systems are based on both open distributed computing technologies and object-oriented techniques like inheritance, encapsulation and object reuse to support various system configuration and application. As information systems are interconnected through unsecure networks, the need for the secure information exchange is more critical than before. In this paper, we have designed and implemented a transparent CORBA-basce Security infrastructure with authentication, security context association, access control and security information management to support a secure applications in distributed object environment. SESAME Ver. 4 was adopted as an external security service to manage user privilege attributes and to distribute keys for data encryption, decryption and integrity. Using filter and transformer with an interface to Object Request Broker, it provides a transparent security service to applications. The filter objects are special classes that allow additional parameters to be inserted into messages before they are sent and removed just after they are received. The transformer objects are special classes that allow direct access to the byte stream of every messages for encryption and decryption before it is sent and just after it is received. This study is to implement the access control interceptor(ACI) and the secure invocation interceptor(SII) of secure ORB defined in CORBA using filter and transformer.

• Journal of Science and Technology Studies
• /
• v.17 no.1
• /
• pp.117-144
• /
• 2017

In Korea, currently, only the growth possibility of bioinformation industry has received the public attention, and social discussion on bioinformation management is meager. Based on this critical perspective, this study investigates the current status of public awareness of the bioinformation which can be a basis for the social discussion for bioinformation management. The most significant characteristics identified in the survey is that many citizens, while expressing their agreement on the use of biometric technology by purpose and taking an open stance on national fingerprint information collection, have considerable concern for the identity authentication system using the current biometric technology. In particular, the survey pointed out that it is hard to trust the institutions that collect the bioinformation. Also, the public expressed the particular concern for the health data including the body information and showed overwhelming consent for the necessity of more stringent regulation compared with other personal information. In regards to the medical information gathered from medical institutions, nearly 80% of the survey respondents did not agree on providing the information to commercial enterprises, and even 60% of them disagreed on using it for academic and statistical research. This result well demonstrates that thorough management of the bioinformation is required for its utilization.

• Journal of KIISE:Software and Applications
• /
• v.35 no.10
• /
• pp.616-626
• /
• 2008

The face shape extracted by the depth values has different appearance as the most important facial feature information and the face images decomposed into frequency subband are signified personal features in detail. In this paper, we develop a method for recognizing the range face images by combining the multiple frequency domains for each depth image and depth fusion using fuzzy integral. For the proposed approach, the first step tries to find the nose tip that has a protrusion shape on the face from the extracted face area. It is used as the reference point to normalize for orientated facial pose and extract multiple areas by the depth threshold values. In the second step, we adopt as features for the authentication problem the wavelet coefficient extracted from some wavelet subband to use feature information. The third step of approach concerns the application of eigenface and Linear Discriminant Analysis (LDA) method to reduce the dimension and classify. In the last step, the aggregation of the individual classifiers using the fuzzy integral is explained for extracted coefficient at each resolution level. In the experimental results, using the depth threshold value 60 (DT60) show the highest recognition rate among the regions, and the depth fusion method achieves 98.6% recognition rate, incase of fuzzy integral.

• The KIPS Transactions:PartC
• /
• v.8C no.5
• /
• pp.573-584
• /
• 2001

Policy-Based Network Management (PBNM) architecture is to meet various needs of network users and to provide effective management facilities in distributed and large scale networks to network managers. In PBNM, network managers perform network management operations by stipulating a set of rules rather than control each network component. On the other hand, providing security services such as authentication, privacy of messages as well as a new flexible and extensible administration framework, SNMPv3 enables network managers to monitor and control the operation of network components more secure way than ever before. Despite of its enhanced security services, SNMPv3 has difficulties in managing distributed, large-scaled network because it does not provide centralized security management facilities. In this paper, we propose a new security model called Role-based Security Management model (RSM) with security management policy to support scalable and centralized security management for SNMP-based networks. Also, the structure and the operation of the security system as well as the efficiency analysis of RSM in terms of security management are also described.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.10
• /
• pp.421-428
• /
• 2017

The need for various approaches to non-face-to-face identification technology for registering and authenticating users online is being required because of the growth of online financial services and the rapid development of financial technology. In general, non-face-to-face approaches can be exposed to a greater number of threats than face-to-face approaches. Therefore, identification policies and technologies to verify users by using various factors and channels are being studied in order to complement the risks and to be more reliable non-face-to-face identification methods. One of these new approaches is to collect and verify a large number of personal information of user. Therefore, we propose a big-data based non-face-to-face Identity Proofing method that verifies identity on online based on various and large amount of information of user. The proposed method also provides an identification information management scheme that collects and verifies only the user information required for the identity verification level required by the service. In addition, we propose an identity information sharing model that can provide the information to other service providers so that user can reuse verified identity information. Finally, we prove by implementing a system that verifies and manages only the identity assurance level required by the service through the enhanced user verification in the non-face-to-face identity proofing process.