• Journal of Navigation and Port Research
• /
• v.46 no.6
• /
• pp.501-508
• /
• 2022

The flow of global digitalization is leading to the emergence of a decentralized system environment based on blockchain or distributed ledger technology in the fields of economy, identity authentication, and logistics. Accordingly, a requirement that public services be searchable from several decentralized maritime service registries (MSRs) has been derived in terms of the discoverability of e-navigation services. This study describes a decentralized MSR environment composed of the MSR ledger and multiple local MSRs, and it has implemented a service search system that can search global e-navigation services in the environment through a web browser. This system is a decentralized application that dynamically generates service attributes, geometry information, and free text queries, and that provides users with relevant MSR and service access information from search results that are registered in the MSR ledger. In this study, we tested the established decentralized MSR environment and the system that performs service search within that environment, and we discussed its advantages and limitations.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.595-598
• /
• 2008

The Large amounts of data were available to transfer on mobile environment in the development of mobile telecommunications technology. And WIPI(Wireless Internet Protocol for Interoperability) platform is being mounted obligations to develope mobile application services. The applications developed on WIPI platform is possible to interoperability on mobile mounted WIPI platform, so there are not demand on mobile device. Currently e-commerce service is actively on mobile environment. This service is offerd based on XML Signature(eXtensible Markup Language) which provide integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere. In this paper, we designed and implemented XML Signature service module which possible interoperability on mobile mounted WIPI platform.

• International Journal of Computer Science & Network Security
• /
• v.24 no.3
• /
• pp.23-28
• /
• 2024

The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.22 no.5
• /
• pp.325-333
• /
• 2021

With the rapidly changing era of the fourth industrial revolution, the utilization of IT technology is increasing. In addition, the demand for security authentication is increasing as shared services or IoT technologies are being developed as new business models. Security authentication is becoming increasingly important for all intelligent devices such as self-driving cars. However, most location-based security authentication technologies are being developed mainly with technologies that utilize server proximity or satellite location tracking, which limits the scope of their physical use. Location-based security authentication technology has recently been developed as a complementary replacement technology. In this study, we introduce location-based security authentication technology using cell broadcasting technology, which has a wider range of applications and is more convenient and business-friendly than existing location-based security authentication technologies. We also introduced application cases and business models related to this. In addition to the current status of technology development, we analyzed current changes in business models being employed. Based on our analysis results, this study draws the implication that technology diversification is necessary to improve the performance of innovative technologies. It is meaningful that it has found and studied advanced technologies other than existing location authentication methods and systems.

• Journal of the Korean Society of Industry Convergence
• /
• v.27 no.2_2
• /
• pp.343-356
• /
• 2024

Super app is an application that provides a variety of services in a unified interface within a single platform. With the acceleration of digital transformation, super apps are becoming more prevalent. This study aims to suggest service enhancement measures by analyzing the user review data before and after the transition to a super app. To this end, user review data from a payment-based super app(Shinhan Play) were collected and studied via topic modeling. Moreover, a matrix for assessing the importance and usefulness of topics is introduced, which relies on the eigenvector centrality of the inter-topic network obtained through topic modeling and the number of review recommendations. This allowed us to identify and categorize topics with high utility and impact. Prior to the transition, the factors contributing to user satisfaction included 'payment service,' 'additional service,' and 'improvement.' Following the transition, user satisfaction was associated with 'payment service' and 'integrated UX.' Conversely, dissatisfaction factors before the transition encompassed issues related to 'signup/installation,' 'payment error/response,' 'security authentication,' and 'security error.' Following the transition, user dissatisfaction arose from concerns regarding 'update/error response' and 'UX/UI.' The research results are expected to be used as a basis for establishing strategies to strengthen service competitiveness by making super app services more user-oriented.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.2
• /
• pp.201-208
• /
• 2020

Recently, the application of personal proofing service based on social security number(SSN) replacement means for verifying identity in non-face-to-face transactions is increasing. In this paper, we propose a method of applying differentiated personal proofing service on whether identity verification is necessary in the online service provided by ISP and if it is appropriate to apply a certain level of assurance. By analyzing the requirements related to personal proofing required by current ISPs, we analyze the risks for each of the requirements and propose a method of applying differentiated personal proofing service according to the level of identity assurance guarantee to minimize the risks. In applying the proposed method to online service provision, it is possible to reduce user's unnecessary authentication cost by minimizing the application of personal proofing service based on alternative means, and to help protect user personal information by minimizing excessively collected personal information.

• Journal of Internet Computing and Services
• /
• v.16 no.1
• /
• pp.21-28
• /
• 2015

Currently there are wide variety of web services and applications available for users. Such services restrict access to only authorized users, and therefore its users often need to go through the inconvenience of getting an authentication from each service every time. To resolve of such inconvenience, a third party application with OAuth(Open Authorization) protocol that can provide restricted access to different web services has appeared. OAuth protocol provides applicable and flexible services to its users, but is exposed to reply attack, phishing attack, impersonation attack. Therefore we propose method that after authentication Access Token can be issued by using the E-mail authentication. In proposed method, regular user authentication success rate is high when value is 5 minutes. However, in the case of the attacker, the probability which can be gotten certificated is not more than the user contrast 0.3% within 5 minutes.

• Annual Conference of KIPS
• /
• 2003.05b
• /
• pp.767-770
• /
• 2003

현재 사용되고 있는 ETCS(Electronic Toll Collection Services)는 충전식의 스마트 카드와 카드리더를 이용하여 필요한 정보를 읽음으로 인증 및 과금 결제를 처리하는 방식이다. 혀 방식은 스마트 카드 규격이 다양하여 사용자는 각 규격에 맞는 카드리더를 사용해야 한다. 게다가 충전식이기 때문에 매번 충전해야하는 불편함이 있다. 본 논문에서는 현 ETC(Electronic Toll Collection)시스템의 단점을 극복하고자 스마트 카드 대신 휴대폰과 WAP(Wireless Application Protocol) 서버를 사용하여 통행료 자동징수 시스템을 설계한다. 또한 휴대폰을 사용함으로써 ITS(Intelligent Transfer Service) 시스템과 별도로 지역적인 인증이 가능하여 인중절차를 간소화시킬 수 있으며, ITS 시스템의 부하를 줄일 수 있기 때문에 ETC시스템 처리속도 또한 증가시킬 수 있다.

• Journal of Internet Computing and Services
• /
• v.13 no.6
• /
• pp.55-62
• /
• 2012

Grid web applications by standard Web technology are increasingly used to provide grid service to users as normal Web user interface and service. It is however difficult to integrate a grid security system such as Grid Security Infrastructure (GSI) into Web applications because the delegation way of standard Web security is not the same as the one of Grid security. This can be solved by allowing Web applications to get a Grid credential by using an online credential repository system such as MyProxy. In this paper, we investigate the problem that occurs when MyProxy, which assumes mutual trust between a user and Grid web application, is adapted for achieving security integration between Web and Grid, and we propose a new Grid proxy delegation service to delegate a Grid credential to the Web without assuming mutual trust. In the service, the X.509 proxy delegation process is added to OAuth protocol for credential exchange, and authentication can be done by an external service such as OpenID. So, users can login onto the Grid web application in a single sign-on manner, and are allowed to securely delegate and retrieve multiple credentials for one or more Virtual Organizations.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.11S
• /
• pp.3278-3288
• /
• 1999

This paper proposes a security platform, called SCAP(Security platform for CORBA based APplication), to cope with potential threats in a distributed object system. SCAP supports CORBA security specification announced by OMG. SCAP is comprised of four functional blocks, which co-work with ORB to provide security services: Authentication Block, Association Block, Access Control Block, and Security Information Management Block. It is designed to support Common Secure Interoperability Functionality Level 2, which is useful for large-scale intra-, or inter-network based applications. Actual security services, which are dependent on supporting security technology, will be provided as external security service for replace ability. Implementation issues such as how to simulate an interceptor mechanism using a commercial ORB product without source code, and how to extend Current object required for security services are also described. At the end of the paper, the SCAP applied to the web environment is described to show its practical utilization.