• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.6 no.2
• /
• pp.81-88
• /
• 2016

Machine-to-Machine (M2M) communication provides each component (machine) with access to Internet, evolving into the IoT technology. IoT is a trend where numbers of devices provide the communication service, using the Internet protocol. As spreading the concept of IoT(Internet of Things), various objects become home information sources. According to the wide spread of various devices, it is difficult to access data on the devices with unified manners. Under this environment, security is a critical element to create various types of application and service. In this paper propose the inter-device authentication and Centralized Remote Security Provisioning framework in Open M2M environment. The results of previous studies in this task is carried out by protecting it with the latest information on M2M / IoT and designed to provide the ultimate goal of future M2M / IoT optimized platform that can be integrated M2M / IoT service security and security model presents the information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.827-838
• /
• 2018

Since 2014, ease of regulations on financial institutions expanded the mobile payment market based on simple authentication, and this resulted in the emergence of various simple payment services. Although several security solutions have been used to mitigate possible security threats to payment applications, there are vulnerabilities which can still be found due to the structure in which the security solution is applied to the payment service. In this paper, we analyze the payment application and security solution from the process perspective, and prove through experimentation that verification functions of security solutions can be bypassed without detailed analysis of each security function, but by simply manipulating the verification result value. Finally, we propose methods to mitigate the bypass method presented in this paper from three different perspectives, and thereby contribute to the improvement of security level of the payment service.

• International Journal of Contents
• /
• v.11 no.1
• /
• pp.41-51
• /
• 2015

Management systems for electronic library have been developed on the basis of Client/Server or ASP framework in domestic market for a long time. Therefore, both service provider and user suffer from their high cost and effort in management, maintenance, and repairing of software as well as hardware. Recently in addition, mobile devices like smartphone and tablet PC are frequently used as terminal devices to access computers through the Internet or other networks, sophisticatedly customized or personalized interface for n-screen service became more important issue these days. In this paper, we propose a new scheme of integrated management system for electronic library based on SaaS and Web Standard. We design and implement the proposed scheme applying Electronic Cabinet Guidelines for Web Standard and Universal Code System. Hosted application management style and software on demand style service models based on SaaS are basically applied to develop the management system. Moreover, a newly improved concept of duplication check algorithm in a hierarchical evaluation process is presented and a personalized interface based on web standard is applied to implement the system. Algorithms of duplication check for journal, volume/number, and paper are hierarchically presented with their logic flows. Total framework of our development obeys the standard feature of Electronic Cabinet Guidelines offered by Korea government so that we can accomplish standard of application software, quality improvement of total software, and reusability extension. Scope of our development includes core services of library automation system such as acquisition, list-up, loan-and-return, and their related services. We focus on interoperation compatibility between elementary sub-systems throughout complex network and structural features. Reanalyzing and standardizing each part of the system under the concept on the cloud of service, we construct an integrated development environment for generating, test, operation, and maintenance. Finally, performance analyses are performed about resource usability of server, memory amount used, and response time of server etc. As a result of measurements fulfilled over 5 times at different test points and using different data, the average response time is about 62.9 seconds for 100 clients, which takes about 0.629 seconds per client on the average. We can expect this result makes it possible to operate the system in real-time level proof. Resource usability and memory occupation are also good and moderate comparing to the conventional systems. As total verification tests, we present a simple proof to obey Electronic Cabinet Guidelines and a record of TTA authentication test for topics about SaaS maturity, performance, and application program features.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.458-460
• /
• 2021

The provision and application of public safety network in Korea is still insufficient for security response to the mobile app of public safety network in the stages of development, initial construction, demonstration, and initial service. The available terminals on the Disaster Safety Network (PS-LTE) are open, Android-based, dedicated terminals that potentially have vulnerabilities that can be used for a variety of mobile malware, requiring preemptive responses similar to FirstNet Certified in U.S and Google's Google Play Protect. In this paper, before listing the application service app on the public safety network mobile app store, we construct a data set for malicious and normal apps, extract features, select the most effective AI model, perform static and dynamic analysis, and analyze Based on the result, if it is not a malicious app, it is suggested to list it in the App Store. As it becomes essential to provide a service that blocks malicious behavior app listing in advance, it is essential to provide authorized authentication to minimize the security blind spot of the public safety network, and to provide certified apps for disaster safety and application service support. The safety of the public safety network can be secured.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.11
• /
• pp.103-111
• /
• 2023

Recently, many universities have used various electronic attendance systems such as NFC, QR code, Sound-QR, Bluetooth BLE authentication, and face recognition to process attendance. However, existing methods have various problems such as attendance errors due to deformation of authentication signals, mis-recognition attendance from outside the classroom, and difficulty to process seat absence during class. Therefore, this study proposes a high-frequency signal-based electronic attendance system to solve these problems and manage more accurate electronic attendance. As the high-frequency signal replaces the BLE signal, and the transmission range of the signal is limited to the classroom, and the signal value can be immediately changed if a change of the signal is needed. To verify the performance of the proposed system, we conducted a comparative experiment with the Bluetooth based electronic attendance system, and as a result, the proposed method showed high accuracy. Thus, the proposed method will be a useful service that can be immediately used in smart device-based electronic attendance system.

• The Journal of the Korea Contents Association
• /
• v.11 no.11
• /
• pp.49-61
• /
• 2011

In recent, library is considered as an integrated knowledge convergence center that can respond to various requests about information service of users. Therefor it is necessary to establish a novel information system based on information communications technologies of the era. In other words, it is currently required to develop mobile information service available in portable devices such as smart phones or tablet PCs, and to establish information system reflecting cloud computing, SaaS, Annotation, and Library 2.0 etc. In this paper we design and implement a library information system using collective intelligence and cloud computing. This information system can be adapted for the varieties of mobile service paradigm and abruptly increasing amount of electronic materials. Advantages of this concept model are resource sharing, multi-tenant supporting, configuration, and meta-data supporting etc. In addition it can offer software on-demand type user services. In order to test the performance of our system, we perform an effectiveness analysis and TTA authentication test. The average response time corresponding to variance of data reveals 0.692 seconds which is very good performance in timing effectiveness point of view. And we detect maturity level-3 or 4 authentication in TTA tests such as SaaS maturity, performance, and application programs.

• Journal of Internet Computing and Services
• /
• v.16 no.1
• /
• pp.47-55
• /
• 2015

Recently, the environment of a hospital information system is a trend to combine various SMART technologies. Accordingly, various smart devices, such as a smart phone, Tablet PC is utilized in the medical information system. Also, these environments consist of various applications executing on heterogeneous sensors, devices, systems and networks. In these hospital information system environment, applying a security service by traditional access control method cause a problems. Most of the existing security system uses the access control list structure. It is only permitted access defined by an access control matrix such as client name, service object method name. The major problem with the static approach cannot quickly adapt to changed situations. Hence, we needs to new security mechanisms which provides more flexible and can be easily adapted to various environments with very different security requirements. In addition, for addressing the changing of service medical treatment of the patient, the researching is needed. In this paper, we suggest a dynamic approach to medical information systems in smart mobile environments. We focus on how to access medical information systems according to dynamic access control methods based on the existence of the hospital's information system environments. The physical environments consist of a mobile x-ray imaging devices, dedicated mobile/general smart devices, PACS, EMR server and authorization server. The software environment was developed based on the .Net Framework for synchronization and monitoring services based on mobile X-ray imaging equipment Windows7 OS. And dedicated a smart device application, we implemented a dynamic access services through JSP and Java SDK is based on the Android OS. PACS and mobile X-ray image devices in hospital, medical information between the dedicated smart devices are based on the DICOM medical image standard information. In addition, EMR information is based on H7. In order to providing dynamic access control service, we classify the context of the patients according to conditions of bio-information such as oxygen saturation, heart rate, BP and body temperature etc. It shows event trace diagrams which divided into two parts like general situation, emergency situation. And, we designed the dynamic approach of the medical care information by authentication method. The authentication Information are contained ID/PWD, the roles, position and working hours, emergency certification codes for emergency patients. General situations of dynamic access control method may have access to medical information by the value of the authentication information. In the case of an emergency, was to have access to medical information by an emergency code, without the authentication information. And, we constructed the medical information integration database scheme that is consist medical information, patient, medical staff and medical image information according to medical information standards.y Finally, we show the usefulness of the dynamic access application service based on the smart devices for execution results of the proposed system according to patient contexts such as general and emergency situation. Especially, the proposed systems are providing effective medical information services with smart devices in emergency situation by dynamic access control methods. As results, we expect the proposed systems to be useful for u-hospital information systems and services.

• KIISE Transactions on Computing Practices
• /
• v.22 no.12
• /
• pp.663-674
• /
• 2016

Traditional supercomputing services suffer from limited accessibility and low utilization in that users(researchers) may perform computational executions only using terminal-based command line interfaces. To address this problem, in this paper, we provide the design and implementation details of National supercomputing service framework. The proposed framework supports all the fundamental primitive functions such as user management/authentication, heterogeneous computing resource management, HPC (High Performance Computing) job management, etc. so that it enables various 3rd-party applications to be newly built on top of the proposed framework. Our framework also provides Web-based RESTful OpenAPIs and the abstraction interfaces of job schedulers (as well as bundle scheduler plug-ins, for example, LoadLeveler, Open Grid Scheduler, TORQUE) in order to easily integrate the broad spectrum of heterogeneous computing clusters. To show and validate the effectiveness of the proposed framework, we describe the best practice scenario of high energy physics Lattice-QCD as an example application.

• Journal of the Korean BIBLIA Society for library and Information Science
• /
• v.33 no.1
• /
• pp.371-401
• /
• 2022

If the blockchain means storing information in a distributed environment that cannot be forged or altered, it is mentioned that this is similar to what librarians collect, preserve, and share authoritative information. In this way, this study examined blockchain technology as a way to collect and provide reliable information, increase work efficiency inside and outside the library, and strengthen cooperative networks. This study attempted to propose various ways to utilize blockchain technology in book relations based on literature surveys and case studies in other fields. To this end, this study first analyzed the field and cases of blockchain application to confirm the possibility and value of blockchain application in the library field, and proposed 12 ways to utilize it based on this. The utilization model was proposed by dividing it into operation and service sectors. In the operation sector, it is a digital identity-based user record storage and authentication function, transparent management and traceable monitoring function, voting-based personnel and recruitment system, blockchain governance-based network efficiency function, and blockchain-based next-generation device management and information integration function. The service sector includes improved book purchase and sharing efficiency due to simplification of intermediaries, digital content copyright protection and management functions, customized service provision based on customer behavior analysis, blockchain-based online learning platforms, sharing platforms, and P2P-based reliable information sharing platforms.

• IEIE Transactions on Smart Processing and Computing
• /
• v.1 no.1
• /
• pp.65-71
• /
• 2012

Mobile RFID is a new application that uses a mobile phone as an RFID reader with wireless technology and provides a new valuable service to users by integrating RFID and ubiquitous sensor network infrastructures with mobile communication and wireless Internet. Whereas the mobile RFID system has many advantages, privacy violation problems on the reader side are very concerning to individuals and researchers. Unlike in regular RFID environments, where the communication channel between the server and reader is assumed to be secure, the communication channel between the backend server and the RFID reader in the mobile RFID system is not assumed to be safe. Therefore it has become necessary to devise a new communication protocol that secures the privacy of mobile RFID-enabled devices. Recently, Lo et al. proposed a mutual key agreement protocol that secures the authenticity and privacy of engaged mobile RFID readers by constructing a secure session key between the reader and server. However, this paper shows that this protocol does not meet all of the necessary security requirements. Therefore we developed an enhanced mutual key agreement protocol for mobile RFID-enabled devices that alleviates these concerns. We further show that our protocol can enhance data security and provide privacy protection for the reader in an unsecured mobile RFID environment, even in the presence of an active adversary.