• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.11-19
• /
• 2007

A ubiquitous network environment is a system where the user can avail of the network's services anytime, anywhere. To establish such an environment, studies continue being conducted on wireless communication technology and mobile terminals. The company that provides such services should have an established system for authentication, authorization and charging for users. This service is referred to as Authentication, Authorization, Accounting(AAA), and its aspects have been consistently studied. On the other hand, existing studies have been promoted with regard to the authentication and efficiency of the mobile terminal. One of the method is that the mobile terminal contacts to the home authentication server through the external authentication server every time it is required and; another one is to use a medium server to provide authentication in the middle between them. Thus, this study aims to determine the best method to use ticketing, where tickets are provided through a mobile terminal, complete with authentication and authorization features. Also, as it uses ticket, it can efficiently provide mobile verification processing.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.651-654
• /
• 2010

This paper presents the establishment of the information of metadata for an Authorization tool of UML class diagram. When it comes to modeling classes in UML class diagram, the paper defines expressed classes and the relationship. The class represents the concept of an object, which defines Name, Attribute and Operation. The relationship is between classes, which defines the name and the type of the Relationship, From Class and To Class. And it suggests how to handle and process the information of metadata for an authorization tool of UML class diagram.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.634-637
• /
• 2010

This paper suggests the design of MVC model for an authorization tool of UML class diagram. In the design of MVC model, it is designed to define view, controller and model and perform the individual role of each component. The View represents GUI and the Controller is responsible for data input and output and the Model is to handle the business logic. The MVC model design for an authorization tool of class diagram gives the role independently and tries to be flexible with system by dividing into the suitable features of each component.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2017.01a
• /
• pp.255-256
• /
• 2017

IoT(Internet of Things)는 우리 일상생활에 깊숙이 관여하고 있어서 보안 문제는 중요해지고 있다. OAuth2.0은 웹기반 응용이나 REST 특성의 API를 안전하게 하는 권한부여(authorization) 프레임워크이다. 본 논문에서는 IoT에 OAuth2.0을 적용하여 효율적이고 효과적인 권한부여 기법을 제안한다. OAuth2.0 기술은 서버쪽 기술이지만, IoT에서도 웹을 이용할 수 있는 CoAP 기술이 있으므로 IoT 디바이스 쪽에 접근에 대한 권한부여 기법으로 적용할 수 있다. 제안기법은 권한 부여 서버와 자원 서버와의 키 분배와 해시 함수 및 암호화를 통해 권한부여 기법을 적용한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10b
• /
• pp.45-47
• /
• 1998

객체지향 데이터베이스 시스템에서 많이 연구되고 있는 묵시적 권한부여(implicit authorization) 방법은 모든 객체에 대하여 일일이 권한을 부여하는 오버헤드를 줄이기 위한 방법이다. 묵시적 권한부여 방법에서는 기존의 권한과 새로이 추가될 권한간의 충돌(conflict) 여부의 효율적인 검사가 중요하다. 기존의 데이터베이스 단위 계층 구조( database granularity hierarchy)에서의 의도형 권한부여(intention type authorization) 기법은 자신의 자손 노드에 대한 권한을 쉽게 판정할 수는 있지만, 클래스 복합 계층 구조(class composition hierarchy)상에서의 임의의 한 노드 ni에 추가로 권한을 부여할 때 ni의 자손 노드와 복합 참조(composite reference)의 관계를 가지는 노드 nj들에 대한 권한과의 충돌 여부를 탐지하기 위하여 추가로 nj들에 대한 권한을 일일이 탐색해야 하는 어려움이 있었다. 본 논문에서는 클래스 복합 계층 구조에서의 묵시적 권한부여 하에서 발생할 수 있는 권한간의 충돌을 효율적으로 탐지하는 새로운 기법을 확장하여 제안한다. 제안된 복합 계층 의도형 권한부여(intention type authorization for composition hierarchy)기법은 계층 구조에서 복합 참조의 관계를 따라 nj를 일일이 탐색할 필요 없이 노드 ni에서 바로 충돌 여부를 판정할 수 있는 장점을 가진다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.7 no.4
• /
• pp.59-65
• /
• 2002

Payment systems in EC need confidentiality, integrity, non-repudiation. All transactions between cardholders and merchants must be authorized by a payment gateway in SET protocol. RSA secret key operation which requires heavy computation takes the most part of the time for payment authorization. For the reason, a heavy traffic of payment authorization requests from merchants causes the payment gateway to execute excessive RSA secret key operations, which may cause the bottleneck of the whole system. To resolve this problem, One-Time Password technique is applied to payment authorization step of the SET protocol.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.1
• /
• pp.145-149
• /
• 2019

Various supplementary authentication methods are used to supplement user authentication and authorization provided by existing password verification online1. In recent years, authentication and authorization methods using user attribute information have been studied and utilized in various services. User attribute information can be divided into static information and dynamic information. The existing methods focus on research to identify users using dynamic information or to generate challenge questions for user reauthentication. Static information such as a user's home address, school, company, etc. is associated with dynamic information such as location information. We propose a method to verify user attribute information by using the association between two attribute information. For this purpose, the static information of the user is verified by using the user's location record which is dynamic information. The experiment of this paper collects the dynamic information of the actual user and extracts the static information to verify the user attributes. And we implemented the user attribute information authentication system using the proposal verification method and evaluated the utility based on applicability, convenience, and security.

• Journal of the Architectural Institute of Korea Planning & Design
• /
• v.34 no.6
• /
• pp.85-92
• /
• 2018

This study was to confirm the effectiveness of crime prevention in an apartment complex environmentally designed for domestic crime prevention. The researchers surveyed 267 residents on the community, fear of crime, and crime victimization. They arrived at the following conclusions. The authorization complex received higher security satisfaction results than the unauthorized complex; residents were less afraid of crime and more active in the apartment complex community. These results differ from previous studies in that the fear of crime is not related to a crime victim experience and that the fear of crime is low when there are less households in the apartment complex. Therefore, effectiveness of crime prevention abroad should not be accepted in a domestic residential environment.

• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.217-221
• /
• 2021

Recent studies have indicated that mobile markets harbor applications (apps) that are either malicious or vulnerable, compromising millions of devices. Some studies indicate that 96% of companies' employees have used at least one malicious app. Some app stores do not employ security quality attributes regarding authorization, which is the function of specifying access rights to access control resources. However, well-defined access control policies can prevent mobile apps from being malicious. The problem is that those who oversee app market sites lack the mechanisms necessary to assess mobile app security. Because thousands of apps are constantly being added to or updated on mobile app market sites, these security testing mechanisms must be automated. This paper, therefore, introduces a new mechanism for testing mobile app security, using white-box testing in a way that is compatible with Bring Your Own Device (BYOD) working environments. This framework will benefit end-users, organizations that oversee app markets, and employers who implement the BYOD trend.

• The Journal of Korean Medicine
• /
• v.33 no.3
• /
• pp.147-159
• /
• 2012

Objectives: Systems related to the production, authorization, and listing for insurance of herbal medicine products were compared between South Korea and Taiwan to illuminate herbal medicine products system issues in South Korea. Methods: Papers, and laws and policies related to the production, authorization, and listing for insurance of herbal medicine products in South Korea and Taiwan are analyzed to create the primary documents. The documents from South Korea were screened with the advice of a specialist, while those from Taiwan have been verified through local investigation and with the help of a related specialist. The screened documents were then compared and analyzed in the order of the systems related to the production, authorization, and listing for insurance of herbal medicine products. Results: The systems related to the production of herbal medicine products satisfy GMP requirements in both countries, while Taiwan has more specialized systems related to the production of herbal medicine products and a more strict authorization program as compared to South Korea. While South Korea has most of the herbal medicine products classified as non-prescription drugs, Taiwan has them as prescription drugs. And while South Korea does not allow new herbal medicine products to be listed for insurance, Taiwan allows for once-a-year application toward listing for insurance. Conclusions: In order to ensure the safe and effective use of herbal medicine products, systems related to the production, authorization, and listing for insurance of herbal medicine products are to be established, while the categorization of medicine products principally used by Korean medicine doctors should be prepared. Furthermore, prescription by a Korean medicine doctor for new drugs made with natural products and their listing for insurance need to be encouraged.