• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.828-832
• /
• 2005

무선 인터넷에서는 원격지 이동, 근무자의 근무지원, 무선 상거래로 그 초점이 맞추어지면서 당연히 현재 무선인터넷의 보안도 트랜잭션(transaction) 보안을 시발점으로 하고 있다. 본 논문에서는 현재 무선인터넷에서 가장 화두가 되고 있는 WPKI(Wireless Public Key Infrastructure)를 이용한 단대단(End-to-End) 시스템과 MVPN(Mobile Virtual Private Network)을 분석하고, 현재 국내에서 무선인터넷 서비스를 하고 있는 이동통신 사업자의 네트워크 환경을 분석하여, 우선적으로 이동통신망을 이용한 무선 인터넷에서의 보안 시스템에 대해 기술하고자 한다. 그리고 이동전화사업자와 단말기 업체들에 이어 종합 포털(portal)들도 호환성이 강점인 자바 기반의 ‘J2ME(Jave 2 Micro Edition)’을 사용하여 무선인터넷 플랫폼 최적화 움직임이 가속화되고 있는 추세에 맞추어, 본 논문에서는 무선 인터넷 서비스 방식 중 콘텐츠 프로그램의 서버 보관 등 타사 플랫폼과는 차별화된 서비스를 제공하기 때문에 이용자들에게 한층 더 향상된 무선인터넷 서비스를 이용할 수 있게 하는 J2ME 서비스를 기초로 한 단대단간의 보안 역할을 하는 중계보안시스템에 대해 논의하고자 하며, 향후 그 모듈의 일환으로 무선 암호 메시지 전송의 구현을 통하여 이를 현실화하고자 한다.

• Korean Journal of Organic Agriculture
• /
• v.30 no.3
• /
• pp.375-391
• /
• 2022

This study investigated the online transaction status of low-carbon certified fresh agricultural products and analyzed the low-carbon certified premium. For two months from March to April 2022, eight products (rice, apple, pear, sweet persimmons, paprika, tomatoes, cherry tomatoes, and lettuce) were surveyed at major online shopping malls. The low-carbon certification premium was analyzed using hedonic price analysis model. As a result of the online market survey, the low-carbon certified agricultural products were not traded in the case of rice, cherry tomatoes, and paprika. And the proportion of low-carbon certified agricultural products in the case of tomatoes and lettuce was low. As a result of the low-carbon premium analysis, of the five products that analyzed the low-carbon certification premium, four products excluding pear did not have a low-carbon certification premium. Thus, it is necessary to expand the sale of the low-carbon certified agricultural products by distributors, and various efforts to secure the premium of certified agricultural products are important.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.563-572
• /
• 2016

Recently, a plenty of credit card payment protocols have been proposed in Korea. Several features of proposed protocols include: using passwords for user authentication in stead of official certificate for authenticity, and no need to download additional security module via ActiveX into user's devices. In this paper, we suggest two new credit card payment protocols that use both SSL(Security Socket Layer) as a standardized secure transaction protocol and password authentication to perform online shopping and payment. The first one is for the case where online shopping mall is different from PG(Payment Gateway) and can be compared to PayPal-based payment methods, and the second one is for the case where online shopping mall is the same as PG and thus can be compared to Amazon-like methods. Two proposed protocols do not require users to perform any pre-registration process which is separate from an underlying shopping process, instead users can perform both shopping and payment into a single process in a convenient way. Also, users are asked to input a distinct payment password, which increases the level of security in the payment protocols. We believe that two proposed protocols can help readers to better understand the recent payment protocols that are suggested by various vendors, and to analyze the security of their payment protocols.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2014.06a
• /
• pp.183-185
• /
• 2014

The purpose of this paper aims at contributing to the national economic development through global competitiveness enhancement by marine finance's hub and marine logistics cluster by finance specialization and finance support as a creative-type service industry in global shipping port logistics. This study adopted the integrated approach and applied it to policy implementation to achieve the effectiveness. Creative-type marine finance development stages as a tool of policy implementation and the guide line for the time of policy implementation are followed by Stage 1(Construction & Growth Policy) for 2013~2016, Stage 2(Forstering & Activation Policy) for 2017~2019) and Stage 3(Continuous Development Policy) after 2020 until its completion. Korea has the inferiority over the competitiveness in global marine finance and needs a strategic approach to secure the liquidity of marine finance; interim, Islamic finance has been come to the force as a new alternative in financial transaction being accompanied by a spot transaction since the crisis of global finance. In order to create a potential slack of Korea in marine finance practice, in addition, this study suggests a consortium with the circle of Islamic finance as a clue of an easier policy implementation at the beginning stage.

• Journal of KIISE:Databases
• /
• v.29 no.3
• /
• pp.230-245
• /
• 2002

Database systems for real-time applications must satisfy timing constraints associated with transactions. Typically, a timing constraint is expressed in the form of a deadline and is represented as a priority to be used by schedulers. Recently, security has become another important issue in many real-time applications. In many systems, sensitive information is shared by multiple users with different levees of security clearance. As more advanced database systems are being used in applications that need to support timeliness while managing sensitive information, there is an urgent need to develop concurrency control protocols in transaction management that satisfy both timing and security requirements. In this paper, we propose two concurrence control protocols that ensure both security and real-time requirements. The proposed protocols are primarily based on multiversion locking. However, in order to satisfy timing constraint and security requirements, a new method, called the FREEZE, is proposed. In addition, we show that our protocols work correctly and they provide a higher degree of concurrency than existing multiversion protocols. We Present several examples to illustrate the behavior of our protocols, along with performance comparisons with other protocols. The simulation results show that the proposed protocols can achieve significant performance improvement.

• Journal of Intelligence and Information Systems
• /
• v.15 no.1
• /
• pp.31-50
• /
• 2009

As the collected information which is static or dynamic is infinite in ubiquitous computing environments, information overload and invasion of privacy have been pressing issues in the recommendation service. In this study, we propose a recommendation service procedure through P2P, The P2P helps customer to obtain effective and secure product information because of communication among customers who have the similar preference about the products without connection to server. To evaluate the performance of the proposed recommendation service, we utilized real transaction and product data of the Korean mobile company which service character images. We developed a prototype recommender system and demonstrated that the proposed recommendation service makes an effect on recommending product in the ubiquitous environments. We expect that the information overload and invasion of privacy will be solved by the proposed recommendation procedure in ubiquitous environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1179-1195
• /
• 2018

Recently, a variety of attacks on web services have been occurring through a multiple access environment such as PC, tablet, and smartphone. These attacks are causing various subsequent damages such as online fraud transactions, takeovers and theft of accounts, fraudulent logins, and information leakage through web service vulnerabilities. Creating a new fake account for Fraud attacks, hijacking accounts, and bypassing IP while using other usernames or email addresses is a relatively easy attack method, but it is not easy to detect and block these attacks. In this paper, we have studied a method to detect online fraud transaction and obsession by identifying and managing devices accessing web service using web-based device fingerprinting. In particular, it has been proposed to identify devices and to manage them by scoring process. In order to secure the validity of the proposed scheme, we analyzed the application cases and proved that they can effectively defend against various attacks because they actively cope with online fraud and obtain visibility of user accounts.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.7
• /
• pp.1411-1419
• /
• 2017

The two factor authentication capability, private key possession and key protection password knowledge, and the strong public key cryptography protocol of PKI authentication have largely contributed to the rapid construction of Internet transaction trusted infrastructure. The reusability of a certificate-based identity for every PKI site was another contribution factor of the spread of PKI authentication. Nevertheless, the PKI authentication has been criticised mainly for the cost of PKI construction, inconvenience of individual certificate management, and difficulties of password management. Recently FIDO authentication has received high attention as an alternative of the PKI authentication. The FIDO authentication is also based on the public key cryptography which provides strong authentication services, but it does not require individual certificate issuance and provides user-friendly and secure authentication services by integrating biometric technologies. The purpose of this paper is to concretely compare the PKI-authentication and FIDO-authentication and, based on the analysis result, to propose their corresponding applications.

• Journal of the Korea Computer Industry Society
• /
• v.2 no.10
• /
• pp.1339-1348
• /
• 2001

This study is directed to compare the payment systems between conventional and internet, under international commerce. A stable and secure payment system is necessary for the progress of e-business through the internet. There are three typical methods of payment system in conventional transactions; the letter of credit(L/C) basis, the collection basis and the remittance basis. The exporter prefers L/C basis because of authentic payment, financial convenience and reduced risk Buyers and sellers who have enjoyed long creditable relationships use carefully the collection basis. The remittance basis is adequate for small amount payment for sample. In this paper, the merits and demerits of electronic payment system are compared to the conventional payment one. Internet payment system has an advantage of speed-up in payment against the conventional, but has a limited usage in the area of consumer based(B to C) transaction. The conventional payment system has been becoming overwhelm electronic payment one in the business to business(B to B) area.

• Journal of KIISE:Information Networking
• /
• v.36 no.6
• /
• pp.552-557
• /
• 2009

One-time passwords are used just once and discarded, which makes it more secure than the repeatedly used conventional passwords. This paper proposes a challenge-response based one-time password generator on a user's mobile phone always carried with the user. The generator can provide an additional authentication for a user to issue a money transfer request within his Internet banking session on a PC. A currently used device for Internet banking generates a password that changes every 30 seconds or so, which allows a man-in-the-middle to use it for stealing money within the 30 seconds. Unlike such a device, the proposed generator resists against the man-in-the-middle attack by a novel challenge-response scheme, provides better accessability and protection against stolen devices. As the currently used devices do, it prevents any unauthorized transfer even if the victim's all other credentials are revealed through his PC infected with spyware such as a keyboard logger.