• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.679-681
• /
• 2002

인터넷상의 안전한 전자상거래에 효과적인 인증/인가 서비스를 제공하기 위해서는 공개키기반구조와 권한관리기반구조의 효율적인 연동이 필요하며 이를 위해서는 먼저 공개키 인중서와 속성인증서의 연동이 필요하다. 그러나 현재까지는 공개키 인중서와 속성인중서의 프로파일에 대한 독자적인 연구만 진행되고 상호간의 구체적인 연동방법 및 시나리오에 대하여 기술하고 있지는 않다.[6],[7] 따라서 본 논문에서는 공개키 인증서와 속성인증서의 연동 방법의 요구사항을 정의하고 설계와 모델을 보임으로써 효과적인 인증/인가 서비스 제공 모델의 가능성을 제시한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10a
• /
• pp.751-753
• /
• 2001

정보보호 분야의 핵심 기술인 PKI는 전자정부 및 전자상거래 전반의 응용 환경에서 정보보호의 기반구조로서 그 활용의 폭을 더욱 넓혀가고 있으며, 현재 유선 인터넷 환경을 기반으로 구성되어진 PKI는 무선 인터넷 환경의 정보보호 기반구조로 그 영역을 더욱 확장해 나가고 있다. 본 논문은 이러한 PKI에 필수적인 요소인 인증 경로 검증에 효율적으로 대응하고 확장성을 지원하기 위하여 Collaborative ETRI VA를 제안하였다. ETRI VA는 클라이언트의 인증 경로 검증에 대한 부담을 줄이고, 신뢰 모델에 영향을 받지 않고 검증을 수행하며, 중앙집중적으로 신속하게 정책을 반영할 수 있게 한다.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.5
• /
• pp.168-177
• /
• 2009

This paper proposes the EAP-AKA scheme without UICC for extending its usage to existing WLAN/WiBro devices. To apply the current EAP-AKA scheme, the WLAN/WiBro devices require an external Universal Integrated Circuit Card (UICC) reader. If they don't use UICC due to cost overhead and architectural problem of device, the EAP-AKA scheme loses its own advantages in security and portability aspects. The proposed scheme uses the DH key algorithm and a password for non-UICC devices instead of using the long-term key stored in UICC. The main contribution is to maintain the security and portability of the EAP-AKA while being applied to non-3GPP network devices not equipped with UICC. Furthermore, it does not require major modifications of authentication architecture in 3GPP.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.31-45
• /
• 2004

Public Key Infrastructure(PKI) provides a strong authentication. Privilege Management Infrastructure(PMI) as a new technology can provide user's attribute information. The main function of PMI is to give more specified authority and role to user. To authenticate net and role, we have used digital signature. Role Based Access Control(RBAC) is implemented by digital signature. RBAC provides some flexibility for security management. NEIS(National Education Information System) can not always provide satisfied quality of security management. The main idea of the proposed RNEIS(Roll Based NEIS) is that user's role is stored in AC, access control decisions are driven by authentication policy and role. Security manager enables user to refer to the role stored in user's AC, admits access control and suggests DB encryption by digital signature.

• Korean Journal of Comparative Education
• /
• v.24 no.3
• /
• pp.245-265
• /
• 2014

The purpose of this research is to find the features of HLC institutional accreditation model and the implication on the second period institutional accreditation of Korea. This research focus on accreditation model, accreditation period, comprehensive evaluation, criteria, decision making for accreditation status and accreditation supporting system. This research draws following suggestions to the second period institutional accreditation of Korea. 1. The institutional accreditation should apply various accreditation models according to the features of institute. 2. The institutional accreditation should focus on the autonomous quality improvement of institute with the quality assurance. 3. The quantitative evaluation should be reduced and qualitative evaluation based on mission and objects should be reinforced. 4. The interim evaluation should be strictly enforced for quality improvement. 5. The government should enlarge reflection the results of accreditation on financial aid to universities. 6. The web-based accreditation supporting system interworking with "Higher Education in Korea" service is needed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.103-114
• /
• 2007

The existing handover authentication schemes have authentication delay and overhead of the authentication server since they have been separately studied handover authentication at the link layer and the network layer. This paper proposes a handover authentication scheme initiated by Mobile Node on FMIPv6 based mobile access networks. The main idea of the paper is to generate a session key at the mobile node side, and transfer it to the next Access Router through the authentication server. Also, the scheme has a hierarchical key management at access router. There are two advantages of the scheme. First, the generated session key can be utilized for protecting the binding update messages and also for access authentication. Second, hierarchical key management at the access router reduced the handover delay time. The security aspects on the against PFS, PBS, and DoS attack of proposed scheme are discussed.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.321-330
• /
• 2007

This paper proposes a two-phase server login authentication system by XML-Signature schema extension to protect server's information resources opened on network which offer various web contents. A proposed system requests and publishes XML-based certificate through on-line, registers certificate extension information provided by CA(Certification Authority) to XCMS(XML Certificate Management Server), and performs prior authentication using user's certificate password. Then, it requests certificate extension information added by user besides user's certificate password and certificate extension information registered in XCMS by using SOAP message, and performs posterior authentication by comparing these certificate extension information. As a result, a proposed system is a security reinforced system compared with existing systems.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.10
• /
• pp.2113-2120
• /
• 2009

User authentication has been one of the most important part of the network system. OTP(One-Time Password) has been developed and applied to the existing authentication system. OTP makes a different password and abrogates used password each time when user is authenticated by the server. Those systems prevent stolen-key-problems which is caused by using the same key every log-in trial. Yet, OTP still has vulnerabilities. In this paper, an advanced protocol which is using clock-count method to apply a stream cipher algorithm to OTP protocols and to solve problems of existing OTP protocols is proposed.

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.39-50
• /
• 2012

Battlefield management systems are operated by the Public Key Infrastructure (PKI) and cryptographic equipment is distributed through the personal delivery to the enemy has deodorizing prone to structure. In addition, Per person each battlefield management system (C4I) encryption key operate and authentication module to manage multiple encryption so, encryption key operating is restrictions. Analysis of the problems of this public key infrastructure(PKI), Identity-Based Cryptosystem(IBC) and Attribute-Based Cryptosystem(ABC) to compare construct the future of encrypt ion and authentication system were studied. Authentication method for the connection between the system that supports data encryption and secure data communication, storage, and communication scheme is proposed.

• Review of KIISC
• /
• v.8 no.3
• /
• pp.105-114
• /
• 1998

최근 정보 보안 및 전자 상거래 관련된 영역에서 cdrtificate(인증), certificate authirity(인증기관) 및 Public key Infrastructure(공개키 기반 구조) 등에 대한 관심이 고조되고 있다. 이러한 기술은 보안의 기본 요소인 인증 (authentication), 기밀성(confidentiality), 무결성(Integrity)및 부인봉쇄(non-repudiation)등의 기능을 커다란 규모의 시스템에 적용할 수 있는 거의 유일한 solution이 될 것이 확실하다. 이 자료에서는 CA(Certificate Authority)관련 기술 자체에 대한 자세한 설명보다는 개념적인 차원에서의 소개와 적용 영역 및 적용 model에 대해 소개하였다.