• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.9
• /
• pp.2529-2549
• /
• 2023

For effectively lowering down the risk of cyber threating, the zero-trust architecture (ZTA) has been gradually deployed to the fields of smart city, Internet of Things, and cloud computing. The main concept of ZTA is to maintain a distrustful attitude towards all devices, identities, and communication requests, which only offering the minimum access and validity. Unfortunately, adopting the most secure and complex multifactor authentication has brought enterprise and employee a troublesome and unfriendly burden. Thus, authors aim to incorporate machine learning technology to build an employee behavior analysis ZTA. The new framework is characterized by the ability of adjusting the difficulty of identity verification through the user behavioral patterns and the risk degree of the resource. In particular, three key factors, including one-time password, face feature, and authorization code, have been applied to design the adaptive multifactor continuous authentication system. Simulations have demonstrated that the new work can eliminate the necessity of maintaining a heavy authentication and ensure an employee-friendly experience.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.11a
• /
• pp.1206-1209
• /
• 2007

IP-TV 서비스는 통신/방송 융합서비스로서 데이터 스트림이 송출되는 Server로부터 QoS가 보장되는 IP망을 통해 디지털 영상 방송이나 양방향 서비스를 가입자 단말까지 제공하는 서비스이다. IP-TV 서비스는 보안을 위해 CAS(Conditional Access System)를 사용하고, 또한 효율적인 콘텐츠의 전송을 위해 IP Multicast를 사용하게 된다. 보안 기능이 제공되지 않는 IP Multicast는 익명성을 허용하게 하여 eavesdropping, denial of service(DoS) Attack등이 가능하고, 또한 AAA(Authentication, Accounting, Authorization) 기능이 제공되지 않는다. IP-TV에서는 보안을 제공하기위해 Application 계층에서 CAS를 운용하게 되는데, 이는 Network계층에서 보안문제를 해결하는 것 보다 비효율적이다. 본 논문에서는 기존의 IGMP프로토콜을 확장, 개선하여 상호인증을 통해 CAS Server와 연계하여 IP-TV에 적합하게 만든 프로토콜을 제시함으로서, 이와 같은 문제점들을 해결하였다.

• Proceedings of the Safety Management and Science Conference
• /
• 2010.11a
• /
• pp.175-189
• /
• 2010

With the foundation of the WTO in 1995, the era of boundless and unlimited competition between many of the countries around the world has begun. In order to elevate the competitiveness in the international market, we have incorporated the QMS and the EMS system, establish by the International Standardization Organization, and the process has been operated under the authorization. However, many Korea companies' separate enforcement of the QMS and the EMS system is causing the dissipation of the labor force and the invested capital. As we can see through studying the contents on this paper, the number of documents has been reduced down to 54% (From 139 of them to 64 of them), and the conflict and the chaos that could have happened between the documents has been prevented. Its' outcome is attributed to the foundation and the embarkation on the Integrated Management Systems of the KS, QMS, and EMS. Not only that, it has also reduced the waste elements up to greater than 40%.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.107-113
• /
• 2019

Data security is the planning, implementation and implementation of security policies and procedures for the proper audit and authorization of access to and use of data and information assets. In addition, data serviced through internal / external networks, servers, applications, etc. are the core objects of information protection and can be said to focus on the protection of data stored in DB and DB in the category of information security of database and data. This study is a preliminary study to design a proper Data Security Management System (DSMS) model based on the data security certification system and the US Federal Security Management Act (FISMA). And we study the major security certification systems such as ISO27001 and NIST's Cybersecurity Framework, and also study the state of implementation in the data security manager solution that is currently implemented as a security platform for preventing personal data leakage and strengthening corporate security.

• Journal of Korea Multimedia Society
• /
• v.14 no.8
• /
• pp.1029-1040
• /
• 2011

Electronic identity (e-ID) card based on smartcard is a representative identity credential for on-line and off-line personal identification. The e-ID card can store the personal identity information securely, so that the information can be accessed fast, automated identity verification and used to determine the cardholder's authorization to access protected resources. Due to such features of an e-ID card, the number of government organizations and corporate enterprises that consider using e-ID card for identity management is increasing. In this paper, we present an authentication framework for access control system using e-ID cards by discussing the threat environment and security requirement against e-ID card. Specifically, to accomplish our purpose, we consider the Personal Identity Verification system as our target model.

• Journal of the Korea Safety Management & Science
• /
• v.12 no.4
• /
• pp.229-238
• /
• 2010

With the foundation of the WTO in 1995, the era of boundless and unlimited competition between many of the countries around the world has begun. In order to elevate the competitiveness in the international market, we have incorporated the QMS and the EMS system, establish by the International Standardization Organization, and the process has been operated under the authorization. However, many Korea companies' separate enforcement of the QMS and the EMS system is causing the dissipation of the labor force and the invested capital. As we can see through studying the contents on this paper, the number of documents has been reduced down to 54% (From 139 of them to 64 of them), and the conflict and the chaos that could have happened between the documents has been prevented. Its' outcome is attributed to the foundation and the embarkation on the Integrated Management Systems of the KS, QMS, and EMS. Not only that, it has also reduced the waste elements up to greater than 40%.

• Proceedings of the Korean Radioactive Waste Society Conference
• /
• 2003.11a
• /
• pp.689-695
• /
• 2003

Electrochemical decontamination process has been applied for recycle or self disposal with authorization of large amount of metallic wastes contaminated with uranium compounds such as $UO_2$, ammonium uranyl carbonate (AUC), ammonium di-uranate (ADU), and uranyl nitrate(UN) with tributylphosphate(TBP) and dodecane, which are generated by dismantling the contaminated system components and equipment of a retired uranium conversion plant in Korea Atomic Energy Research Institute (KAERI). Electrochemical decontamination for metallic wastes contaminated with uranium compounds was evaluated through the experiments on the electrolytic dissolution of stainless steel as the material of the system components in neutral salt electrolytes. The effects of type of neutral salt as the electrolyte, current density, and concentration of electrolyte on the dissolution of the materials were evaluated. Decontamination performance tests using the specimens taken from a uranium conversion plant were quite successful with the application electrochemical decontamination conditions obtained through the basic studies on the electrolytic dissolution of structural material of the system components.

• Korean Security Journal
• /
• no.33
• /
• pp.197-228
• /
• 2012

The private security industry in Korea has rapidly proliferated. While the industry has grown quickly, though, private security officers have recently been implicated in incidents involving violence, demonstrating an urgent need for systematic reform and regulation of private security practices in Korea. Due to its quasi-public service character, the industry also risks losing the public's favor if it is not quickly disciplined and brought under legitimate government regulation: the industry needs professional standards for conduct and qualification for employment of security officers. This paper shares insights for the reform of the Korean private security industry through a study of the licensing and training requirements for private security businesses in the United States, mainly focusing on the Private Security Officer Employment Authorization Act (hereinafter the PSOEAA) and the California system. According to the PSOEAA, aspiring security officers shall submit to a criminal background check (a check of the applicants' criminal records). Applicants' criminal records should include not only felony convictions but also any other moral turpitude offenses (involving dishonesty, false statement, and information on pending cases). The PSOEAA also allows businesses to do background checks of their employees every twelve months, enabling the employers to make sure that their employees remain qualified for their security jobs during their employment. It also must be mentioned that the state of California, for effective management of its private security sector, has established a professional government authority, the Bureau of Security and Investigative Services, a tacit recognition that the private security industry needs to be thoroughly, professionally, and actively managed by a professional government authority. The American system provides a workable model for the Korean private security industry. First, this paper argues that the Korean private security industry should implement a more strict criminal background check system similar to that required by the PSOEAA. Second, it recommends that an independent professional government authority be established to oversee and enforce regulation of Korea's private security industry. Finally, this article suggests that education and training course be implemented to provide both diverse training as well as specialization and phasing.

• The Journal of the Korea Contents Association
• /
• v.13 no.11
• /
• pp.433-440
• /
• 2013

The Ministry of Land, Infrastructure and Transport was developed the Construction CALS system for improvement of the construction economy. Construction CALS system is consist by Construction Portal System, Construction Management System, Construction Authorization and Permission System, Compensation Management System, Facility Maintenance Management System and has utilized at construction site of more than 900. Ministry of Land, Infrastructure and Transport and related researcher was proposed method of various function improvements for usability of the system. However, the proposed method was expanded the problems like increase of system management cost and development cost with decrease of data process rate. The problem was increases because has added of only service function without modify of software structure to the system on each different platform base. One of the methods for solving problems is to apply the e-Government framework and then integrated the different platform. The purpose of this paper is analyse of the applicability and efficiency of e-Government framework to the construction CALS system. For that was analyzed the e-Government standard framework and the developments case. And then was verified about the adaption possibility and efficiency by use the Function Point tool.

• Health Policy and Management
• /
• v.4 no.1
• /
• pp.138-175
• /
• 1994

The objectives of this study are (i) to review current situations and problems of the occupational health care system with emphasis on reforming the organizations and services, (ii) to find out a disirable occupational health system model based on integration of the occupational health system and the general health system, and finally, (iii) to suggest policy implications in occupational health services in the light of objectives of the newly emerging national health insurance reform in Korea. The major policy implications of this study are as follows: 1. In the long-run, within the occupational health system, preventive occupational health services such as employees' physical check-up, working environment examination, etc should financially be integrated with industrial accident compensation insurance. Currently separately paying expenses for each different category of services by the owner of an enterprise should be disbursed once through the payment of contributions of industrial accident compensation insurance. And then, it is necessary to strengthen and expand the role and function of industrial accident compensation insurance to cover preventive occupational health services. 2. The occupational health system should be integrated with general health system for its effective management. For the short-term policy, it is necessary to eliminate fiscal and access barrier between industrial accident compensation insurance and national health insurance by means of ex post facto settlement of accounts. The duplication of employees' physical check- ups between under the health insurance program and under the industrial health services must be coordinated in a manner either through mutual authorization by the two parties concerned or through merge into the health insurance. 3. The intent of current employees' physical check-up system focused on detection of occupational diseases, should be converted to an idea of medical surveillance system or biological moritoring system. The introduction of medical surveillance or biological monitoring system is a necessary condition to build a positive, effective and inexpensive occupational health care system.