• Proceedings of the Korean Information Science Society Conference
• /
• 2004.04a
• /
• pp.280-282
• /
• 2004

최근 개인자료의 유출 및 불법적인 사용이 사회적으로 큰 이슈가 되고 있어 개인의 정보보호 및 신분확인에 대한 요구가 증가하게 되었다. 이로 인하여 최근 안전한 데이터 전송과 거래를 위해 스마트카드의 이용이 증가되고 있는 추세이다. 특히 자바카드는 스마트카드 플랫폼에 자바의 기술을 접목시킨 것으로 양방향 통신, 정보의 보호기능 등을 수행할 수 있으며, 개인을 확인할 수 있고 이동성이 뛰어나며 복제가 어렵고 암호 알고리즘을 카드 내부에서 수행하여 보안상 매우 좋은 이점을 지니고 있어 스마트카드에서 필요로 하고 있는 다양한 서비스의 내용을 충분히 안정적으로 제공하고 있다. 본 논문에서는 이런 다양한 응용분야에 이용되는 자바카드의 보안성을 높이기 위하여 기존의 단순한 사용자 인증에 사용되는 PIN정보와 생체정보인 사인데이터를 함께 이용한다. 또한 개인에 따른 정보를 저장하는 방법과 이 정보를 접근하기 위하여 데이터를 사용하는 사용자간의 접근을 제한하기 위한 사용자의 접근권한을 설계하였다. 이와 같은 Applet을 설계함으로써 개인정보의 보다 안전하고 신뢰성을 보장하고 개인의 불법적인 유출 및 도용의 완벽한 제어가 될 것으로 기대된다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1035-1045
• /
• 2018

Recently, with the development of IT technology, authentication methods of users using cloud services have been diversified. However, research on providing authentication information of a user using a cloud service securely according to authority has not been make until now. In this paper, we propose a key establishment protocol which can perform split authentication using secret key and access control key according to the role authority of user in Intra cloud environment. The proposed protocol generates the access control key and secret key of the user by using the attributes of the user and the generated random number($t_1$, $t_2$), and classifies the roles according to the user's authority after generating the key. Unnecessary operation processes can be reduced. As a result of the performance evaluation, the proposed protocol guarantees the security against various type of attacks that may occur in the cloud environment because the user is authenticated by dividing the access control key and secret key. The size of the ciphertext used to establish the key could be reduced by ${\sum}+1$ more than the existing protocol.

• The KIPS Transactions:PartC
• /
• v.18C no.3
• /
• pp.135-142
• /
• 2011

Recently, the strategy for N-screen service is in the spotlight along with the consumer's need to use contents regardless of time and place due to the rapid development of communication technology, which is meshing with the desire of service providers seeking a new business model. N-screen, as a screen-extension-concept service which enables consumers to continuously share and use contents in various equipments such as TV, computer and portable terminals, is an advanced type of 3-screen service strategy initially proposed by AT&T, an American telecommunication company. In the N-screen service for pay-contents, in order to support continuous screen changes to and from various equipments, temporary watching right should be given to the equipment intended for screen change. However, it is impossible to give the temporary watching right in the present broadcasting environment, adopting an access-control system. In this paper, the access-control technology being used for pay-contents in the present broadcasting environment and the reason for not being able to give temporary watching right, will be examined. After the examination, the solution for delegation of watching right by using an additional key on the basis of currently used access-control technology, will be proposed.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.1335-1338
• /
• 2010

현재 제공되는 문서 DRM은 권한 그룹 또는 사용자에 따른 접근 제어를 제공하고 있다. 단순히 권한 그룹 또는 사용자 기반으로 문서를 제어 한다는 것은 문서를 보호하기 위해서는 많은 위험이 따른다. 오브젝트를 과하게 보호한다면 유연성이 떨어지고, 유연성을 높이고자 하면 보안강도가 떨어지게 되므로 보안강도와 유연성은 트레이드오프 관계에 있다. 따라서 본 논문에서는 유연성을 높이면서 문서의 보안강도 또한 높일 수 있는 방법에 대해 제시하고자 한다. 본 논문에서는 각 문서의 security level에 따라 문서 열기 권한을 다르게 적용함으로써 비밀문서의 보안강도와 유연성을 높일 수 있는 방법에 대해 제안한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2009.01a
• /
• pp.245-248
• /
• 2009

무선네트워크 환경에서 인증과 암호화를 함으로서 보안이 강화되는 효과가 있으나 무선네트워크를 이용하는 이용자들에 대한 권한이 동일하게 부여되면 접근성에 문제점이 대두됨에 따라 이용자 그룹별로 인터넷 이용에 대한 접근권한을 제어함으로서 다양한 학내 구성원, 계약직, 방문자, 시민 등 에게 보안측면과 운영성에 편리성을 가져올 수 있다. 관리자기 정책을 만들어 각각의 액세스포인트에 정책을 적용하고 사용자가 인증을 받을 때 인증서버에서 사용자에 대한 필터아이디를 액세스포인트에 전달해줌으로서 사용자에 대한 정책규칙이 적용된다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.2
• /
• pp.37-52
• /
• 2005

Traditional access control models like role-based access control model are insufficient in security needs in ubiquitous computing environment because they take no thought of access control based on user's context or environment condition. In these days, although researches on context-aware access control using user's context or environment conditions based on role-based access control are emerged, they are on the primary stage. We present context definitions md an access control model to provide more flexible and dynamic context-aware access control based on role-based access control. Specially, we describe the conflict problems occurred in the middle of making an access decision. After classifying the conflict problems, we show some resolutions to solve them. In conclusion, we will lay the foundations of the development of security policy and model assuring right user of right object(or resource) and application service through pre-defined context and context classification in ubiquitous computing environments. Beyond the simplicity of access to objects by authorized users, we assure that user can access to the object, resource, or service anywhere and anytime according to right context.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.705-706
• /
• 2009

본 논문은 향후 임베디드 단말 기기에 탑재되어 실행되는 응용 애플리케이션들이 제 3 자에 의해 개발되어 앱스토어를 통해 배포될 경우, 신뢰성 및 보안 문제 해결을 위해 제 3 자 개발자에 의해 개발된 애드온 애플리케이션들의 접근통제 메커니즘에 대해 연구하였다. 본 논문에서는 태스크-플로우 기반 메쏘드 접근제어 모델을 제시하고, X.509 기반의 권한 관리 구조를 통해 임베디드 단말에서 애드온 프로세스의 접근 통제를 위한 구조를 디자인하였다

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.2
• /
• pp.107-114
• /
• 2022

Delegation is a powerful mechanism that allocates access rights to users to provide flexible and dynamic access control decisions. It is also particularly useful in a distributed environment. Among the representative delegation models, the RBDM0 and RDM2000 models are role delegation as the user to user delegation. However, In RBAC, the concept of inheritance of the role class is not well harmonized with the management rules of the actual corporate organization. In this paper, we propose an Adding Attributes on Permission-Based Delegation Model (ABDM) that guarantees the permanence of delegated permissions. It does not violate the separation of duty and security principle of least privilege. ABDM based on RBAC model, supports both the role to role and user to user delegation with an attribute. whenever the delegator wants the permission can be withdrawn, and A delegator can give permission to a delegatee.

• Journal of Digital Contents Society
• /
• v.19 no.9
• /
• pp.1751-1758
• /
• 2018

An integrated medical information system that integrates systems consisting of different environments centered on hospital information systems should be provided as a system that prioritizes the improvement of the quality of medical services, customer satisfaction, and patient safety. The RBAC-based medical information system is granted the access right according to task type, role, and rules. Through this, it is possible to use SMS channel, medical reservation and cancellation, customized statistics, and CRM / EMR interworking service using multi-channel to enable communication service without help of counselor and reduce the default rate of reservation patient, Operational improvement services can be extended to medical staff, patients and their families, as well as expanding to important decisions for patients.

• The Journal of the Korea Contents Association
• /
• v.15 no.5
• /
• pp.27-35
• /
• 2015

Depending on the smart device user growth and development of communication technology, the area about working environment was extended without constraints of time and places. It is introducing to work using user's devices and this environment is called 'BYOD(Bring Your On Device)'. But it is vulnerable to security threat that happened in existing wireless environment and its security threat issue which is caused by inside information leak by an inside job and lost or stolen terminal which is caused by careless user is getting heated. So we studied about access control protocol by user rights under the BYOD situation make a session key based on the user information. We make a session key based on the user information and user device information, after that we design an access control protocol. The protocol we suggest can protect from attack under the BYOD situation and wireless communication situation and also safety and security requirement from inside information leak because it controls user rights.