• Journal of KIISE:Information Networking
• /
• v.29 no.4
• /
• pp.333-345
• /
• 2002

As computers and networks become popular, distributing information on the Internet is common in our daily life. Also, the explosion of the Internet, of wireless digital communication and data exchange on Internet has rapidly changed the way we connect with other people. But secure mail is gaining popularity abroad and domestically because of their nature of providing security. That is. It has been used a variety of fields such as general mail and e-mail for advertisement. But, As the data transmitted on network can be easily opened or forged with simple operations. Most of existing e-mail system don't have any security on the transmitted information. Thus, security mail system need to provide security including message encryption, content integrity, message origin authentication, and non-repudiation. In this paper, we design and implement secure mail system with secure key agreement algorithm, non-repudiation service, and encryption capability to provide services for certification of delivery and certification of content as well as the basic security services.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.5 no.4
• /
• pp.45-53
• /
• 2015

In this paper, an approach of temporal certification system that can be easily added on current character-based certification system is newly introduced. This technique enhances the security of the password certification process by exploiting temporal information for each character's stroke timing, and using them as another feature of certification information, on top of character comparison process. There are three different temporal conditions: maximum, minimum and no-option. The maximum condition along with a time number (usually 0.2 second or less) means that the next key input should be punched within the time limit, while the minimum condition means the next key stroke should be typed after the time lapse specified. With no-option condition chosen, user can punch the password without any timing constraints. Prototype was developed and tested with four number password case. In comparison with 104 cases, this new approach increases the cases more than 10 digits, enhancing the security of the certification process. One big advantage of this new approach is that user can update his/her password only with different timing constraints, still keeping the same characters, that will enhance the security system management efficiency in a very simple way. Figures and pictures along with process flow are included for the validity of the idea.

• Journal of Korea Multimedia Society
• /
• v.23 no.5
• /
• pp.658-666
• /
• 2020

PGP is an encryption software designed to provide information protection, security and authentication services for online communication systems. The characteristic of behavior done on the Internet is that you don't know the other person. It is very important to protect information from someone you cannot trust. So identification of the other person is an important task. PGP uses an digital signature algorithm to verify the identity of the other party. However, it is not accurate to check the other party's credibility. PGP increases trust as other users sign more on public keys of user. In other words, credibility is not perfect. In this paper, PGP certification system that key management in Ethereum blockchain, one of the blockchain platforms, is proposed. Key management in blockchain ensures data integrity, transparency and reliability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.57-64
• /
• 2007

As a ubiquitous environment approaches and the use of the wireless Internet using the mobile terminals is on the increase. Therefore, the users have to undergo the inconvenience of repeatedly input the same information for the user registration and the ID certification. The information the users have to put in to register in on-line services range from the basic personal information to the more other private information such as financial information. Accordingly the user can be in control of users personal information and safely manage the information by conveniently selecting from the Digital ID Wallet the Ticket that holds various information including the basic, financial or payment certification-related information. Consequently, we propose a digital identity management mechanism to control one's personal information in a mobile environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.729-741
• /
• 2018

On June 24, 2015, the Financial Services Commission (Financial Services Commission) completely abolished the security review process, and said that it would substitute self-security review obligations with self-security reviews. Security officials at financial institutions conduct security reviews based on CIA security grade when they conduct security reviews for secure electronic financial transactions. However, the recent security review for Internet and mobile electronic financial transactions has carried out a security review, either by checking separate processes or by referring to new technologies and data related to security. This paper proposes the CIAAP security gradesl with the addition of certification and privacy protection indicators to the CIA based security grades, especially through the security review of electronic financial transactions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.725-734
• /
• 2016

SCADA(Supervisory Control and Data Acquisition) system is widely used for remote monitoring and control throughout the domestic industry. Due to a recent breach of security on SCADA systems, such as Stuxnet, the need of correctly established secure certification of a control system is growing. Currently, EDSA-CRT (Embedded Device Security Assurance-Communication Robustness Test), which tests the ability to provide core services properly in a normal/abnormal network protocol, is only focused on the testing of IP-based protocols such as IP, ARP, TCP, etc. Thus, in this paper, we propose test requirements for DNP3 protocol based on EDSA-CRT. Our analysis show that the specific test cases provide plentiful evidences that DNP3 should follow based on its functional requirements. As a result, we propose 33 specific test case for DNP3 protocol.

• The Journal of Society for e-Business Studies
• /
• v.10 no.1
• /
• pp.121-134
• /
• 2005

The MANET has many problems in security despite of its many advantages such as supporting the mobility of nodes, independence of the fixed infrastructure, and quick network establishment. In particular, in establishing security, the traditional certification service has many difficult problems in applying to the MANET because of its safety, expandability, and availability. In this paper, a secure and effective distributed certification service method was proposed using the Secret Sharing scheme and the Threshold Digital Signature scheme in providing certification services in the MANET. In the proposed distributed certification service, certain nodes of relatively high safety among the mobile nodes consisting of the MANET, were set as privileged nodes, from which the process of issuing a certification started. The proposed scheme solved problem that the whole network security would be damaged by the intrusion to one node in the Centralized Architecture and the Hierarchical Architecture. And it decreased the risk of the exposure of the personal keys also in the Fully Distributed Architecture as the number of the nodes containing the partial confidential information of personal keys decreased. By the network simulation, the features and availability of the proposed scheme was evaluated and the relation between the system parameters was analyzed.

• Journal of Software Engineering Society
• /
• v.25 no.1
• /
• pp.19-28
• /
• 2012

Personal registration number has been used as a means of personal identification on existing internet. However, its use on internet sites has become a major factor increasing danger of leaking of personal information. Presently, the government recommends i-PIN to minimize the collection of personal registration numbers and leaking of personal information on internet. Original purpose of i-PIN is to recognize persons by its virtual number of 13 digits instead of using personal registration number on internet websites. These days, i-PIN continues to be used increasingly as a form of certification. This study seeks to explore software service methodology of using i-PIN as a form of certification on internet websites and examples in which its other forms of self certification are used than existing i-PIN services.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.4
• /
• pp.209-218
• /
• 2017

In order to efficiently and preemptively respond to financial security threats that are becoming more sophisticated and intelligent, and to enable financial users to receive financial services safely, financial information security professionals are needed. However, as of 2015, the number of financial IT security personnel was 4.9%, which is slightly lower than the previous year, but still low. In this study, it is expected that the number of experts in financial security will increase gradually. In order to verify the minimum performance of financial security professionals and enhance the security consciousness, the subjects of the existing security qualification system, Curriculum and inspection techniques to analyze the necessity of introducing information security specialization specialized in financial sector.

• Journal of Internet Computing and Services
• /
• v.19 no.6
• /
• pp.9-20
• /
• 2018

Financial service industry has introduced and operated management systems such as information security management system (ISMS), personal information security management system, business continuity management system to protect and maintain suitably customer's financial information and financial service. This study started that it's desirable financial industry takes consideration of ISMS and it can be different types among various organizations taking consideration of culture, practical work, and guideline of information security. The study derives primary control areas of ISMS through analyzing non-conformity trends and control factors according to certification audit for finance-related organizations introduced international ISMS of ISO27001 which is well known and commonly applicable irrespective of areas in financial service industry. Through case analyses for five finance-related organizations operating ISMS, this study analyzed improvement effects of ISMS. It has a meaning as an initial research though it was difficulty in acquiring data for empirical study because of rare organizations maintaining certification in financial sector. As a result, number of non-confirmity from the first audit to three years' elapse was decreased every year. Physical and environmental security, communication and operations management, and access control having the highest frequency of non-conformity each presented 23%, 19%, and 17%, which reached 59% in total and they are derived into primary control areas. ISMS can fulfill technical, managerial, physical security issues, which have not been treated importantly in financial industry. In addition, this study presented that ISMS can be an effective management system applicable for financial service industry.