• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.1
• /
• pp.7-18
• /
• 2016

Several authentication methods have been developed to make use of tokens in the mobile networks and smart payment systems. Token used in smart payment system is genearated in place of Primary Account Number. The use of token in each payment transaction is advantageous because the token authentication prevents enemy from intercepting credit card number over the network. Existing token authentication methods work together with the cryptogram, which is computed using the shared key that is provisioned by the token service provider. Long lifetime and repeated use of shared key cause potential brawback related to its vulnerability against the brute-force attack. This paper proposes a per-transaction shared key mechanism, where the per-transaction key is agreed between the mobile device and token service provider for each smart payment transaction. From server viewpoint, per-transaction key list is easy to handle because the per-transaction key has short lifetime below a couple of seconds and the server does not need to maintain the state for the mobile device. We analyze the optimum size of the per-transaction shared key which satisfy the requirements for transaction latency and security strength for secure payment transactions.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.9
• /
• pp.2405-2423
• /
• 2012

In a traditional Single Sign-On (SSO) scheme, the user and the Service Providers (SPs) have given their trust to the Identity Provider (IdP) or Authentication Service Provider (ASP) for the authentication and correct assertion. However, we still need a better solution for the local/native true SSO to gain user confidence, whereby the trusted entity must play the role of the ASP between distinct SPs. This technical gap has been filled by Trusted Computing (TC), where the remote attestation approach introduced by the Trusted Computing Group (TCG) is to attest whether the remote platform integrity is indeed trusted or not. In this paper, we demonstrate a Trustworthy Mutual Attestation (TMutualA) protocol as a proof of concept implementation for a local true SSO using the Integrity Measurement Architecture (IMA) with the Trusted Platform Module (TPM). In our proposed protocol, firstly, the user and SP platform integrity are checked (i.e., hardware and software integrity state verification) before allowing access to a protected resource sited at the SP and releasing a user authentication token to the SP. We evaluated the performance of the proposed TMutualA protocol, in particular, the client and server attestation time and the round trip of the mutual attestation time.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.2
• /
• pp.154-173
• /
• 2010

Database outsourcing is unavoidable in the near future. In the scenario of data stream outsourcing, the data owner continuously publishes the latest data and associated authentication information through a service provider. Clients may register queries to the service provider and verify the result's correctness, utilizing the additional authentication information. Research on On-line Stream Analytics (OLSA) is motivated by extending the data cube technology for higher multi-level abstraction on the low-level-abstracted data streams. Existing work on OLSA fails to consider the issue of database outsourcing, while previous work on stream authentication does not support OLSA. To close this gap and solve the problem of OLSA query authentication while outsourcing data streams, we propose MDAHRB and MDAHB, two multi-dimensional authentication approaches. They are based on the general data model for OLSA, the stream cube. First, we improve the data structure of the H-tree, which is used to store the stream cube. Then, we design and implement two authentication schemes based on the improved H-trees, the HRB- and HB-trees, in accordance with the main stream query authentication framework for database outsourcing. Along with a cost models analysis, consistent with state-of-the-art cost metrics, an experimental evaluation is performed on a real data set. It exhibits that both MDAHRB and MDAHB are feasible for authenticating OLSA queries, while MDAHRB is more scalable.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.05a
• /
• pp.281-286
• /
• 2009

The proposed technique uses cyclic frame structure, where three periods such as beacon period (BP), mesh contention access period (MCAP) and slotted period (SP) are in a data frame. This paper studies on a mechanism to allow communication nodes (6lowpan) in a PAN with different logical channel for global healthcare applications monitoring technology. The proposed super framework structure system has installed 6lowpan sensor nodes to communicate with each other. The basic idea is to time share logical channels to perform 6lowpan sensor node. The concept of 6lowpan sensor node and various biomedical sensors fixed on the patient BAN (Body Area Network) for monitoring health condition. In PAN (hospital area), has fixed gateways that received biomedical data from 6lowpan (patient). Each 6lowpan sensor node (patient) has IP-addresses that would be directly connected to the internet. With the help of IP-address service provider can recognize or analyze patient data from all over the globe by the internet service provider, with specific equipments i.e. cell phone, PDA, note book. The NS-2.33 result shows the performance of data transmission delay and data delivery ratio in the case of hop count in a PAN (Personal Area Networks).

• Journal of Korean Institute of Industrial Engineers
• /
• v.28 no.3
• /
• pp.291-301
• /
• 2002

In this paper, we introduce a mathematical model to analyze pricing/quality and service mix strategies for Internet Portal site. This model includes utilities and costs of each participants, i.e., user, third party provider, and portal sites. Especially, we consider portal sites that initiate their businesses by providing free services like free e-mail service or search service and providing several charged services. As the results, we can find that Portal sites should make the target of customers and focus them to maximize their profit. Portal sites should pay their marketing effort not for all customers but pertinent portions of customers. And Portal sites should make more efforts to efficiently develop and provision their services.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.6 no.7
• /
• pp.17-26
• /
• 2016

Information spill was occurred several times in the country due to the negligence of the large internet service providers including SK Communications, Auction, KT. In order to judge the Internet Service Provider(ISP)'s liability in individual data spill caused by hacking, the violation of existing legislation or general principle of law's good faith principle has to be examined. However, based on current ISP's good faith principle, there is no objective standard for judging liability. Such uncertain range of protection action duty based on good faith principle generates complaint toward companies, therefore presentation of objective judgement range index on how to determine this range is needed. However due to the legal characteristic of above-mentioned law, it is not possible to fix the range of protection action duty and regulate it on law. In order to resolve this, rather than concerning simply on legal system level, fusion approach method is needed. Thus, this research will discuss the measure for objective standard for predicting ISP's range of protection action duty through fusion view dividing in technical, legal and administrative aspects.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.1
• /
• pp.38-57
• /
• 2016

Service discovery is one of the major challenges in cloud computing environment with a large number of service providers and heterogeneous services. Non-uniform naming conventions, varied types and features of services make cloud service discovery a grueling problem. With the proliferation of cloud services, it has been laborious to find services, especially from Internet-based service repositories. To address this issue, services are crawled and clustered according to their similarity. The clustered services are maintained as a catalogue in which the data published on the cloud provider's website are stored in a standard format. As there is no standard specification and a description language for cloud services, new efficient and intelligent mechanisms to discover cloud services are strongly required and desired. This paper also proposes a key-value representation to describe cloud services in a formal way and to facilitate matching between offered services and demand. Since naïve users prefer to have a query in natural language, semantic approaches are used to close the gap between the ambiguous user requirements and the service specifications. Experimental evaluation measured in terms of precision and recall of retrieved services shows that the proposed approach outperforms existing methods.

• International journal of advanced smart convergence
• /
• v.11 no.4
• /
• pp.20-27
• /
• 2022

In this paper, we propose to improve the designation examination criteria of agencies that provide personal identity proofing based on the resident registration number (RRN), a 13-digit number uniquely assigned by the government to identify Korean citizens. In online commerce, etc., the personal identity proofing agency (PIPA) is a place where online users can prove their personal identity by presenting an alternative means instead of their RRN. The designation examination criteria for PIPAs established in 2012 is a revision of the relevant current laws, and there is a problem in applying the designation examination for alternative means of RRN as the current examination standard. Therefore, in this paper, we propose a method to make the current examination criteria applicable to the newly designated examination of the personal identity proofing service provider based on the current RRN alternative method. According to the current designation examination criteria, only those who satisfy all the examination criteria are designated as the PIPA. However, in reality, it is not in line with the purpose of regulatory reform to require that all examination criteria be satisfied. In the proposed method, it is proposed to apply the standard score system for designation of PIPAs, to make the law current, to secure legal compliance, and to establish a new examination standard to provide a new alternative means of personal identity proofing service. By applying the proposed method to the PIPA designation examination, various alternative means of RRN can be utilized in the online commerce service market.

• Journal of Internet Computing and Services
• /
• v.19 no.2
• /
• pp.17-26
• /
• 2018

Recently, through the emergence and convergence of Internet services, the unified Internet of thing(IoT) service platform have been researched. Currently, the IoT service is constructed as an independent system according to the purpose of the service provider, so information exchange and module reuse are impossible among similar services. In this paper, we propose a operation based service classification algorithm for various services in order to provide an environment of unfied Internet platform. In implementation, we classify and cluster more than 100 commercial IoT services. Based on this, we evaluated the performance of the proposed algorithm compared with the K-means algorithm. In order to prevent a single clustering due to the lack of sample groups, we re-cluster them using K-means algorithm. In future study, we will expand existing service sample groups and use the currently implemented classification system on Apache Spark for faster and more massive data processing.

• Journal of the Korean Home Economics Association
• /
• v.40 no.12
• /
• pp.199-216
• /
• 2002

The purpose of this research is to study the efficiency of the Internet market, not provided to consumers by the existing traditional market. This research examines whether consumers properly understand the efficiency of the Internet market. The result from consumers perception on the efficiencies in the two market are as follows. First, consumers perceived the traditional market as having more product alternatives compared to the Internet market. Second, consumers perceived that the Internet market was more efficient in price dispersion and price change Third, the Internet market was considered more efficient in searching and travel time, and in the search cost. Finally, the traditional market was considered as a better provider of the information about product function, feature, reality, usage and service compared to the Internet market. On the contrary, the Internet market turned out to be more effective in providing product information, price information and trading information compared to the traditional market. Therefore consumers perceived the traditional market of having more information.