• Journal of the Korea Society of Computer and Information
• /
• v.17 no.12
• /
• pp.169-177
• /
• 2012

In the development process of application systems, the most important works are analysis and design. Most of the application systems are implemented on database system. So, database design is important. Also, IT System are confronted with more and more attacks by an increase interconnections between IT systems. Therefore security-related processes belong to a very important process. Security is a complex non-functional requirement that can interaction of many parts in the system. But Security is considered in the final stages of development. Therefore, Their increases the potential for the final product to contain vulnerabilities. Accordingly, Early in development related to security analysis and design process is very important. J2EE gives a solution based on RBAC((Role Based Access Control) for security and object-relational database also has RBAC for security. But there is not a object-oriented analysis and design methodology using RBAC of J2EE and object-relational database for security. In this paper, the unified object-oriented analysis and design methodology is developed for security-critical web application systems based on J2EE and object-relational database. We used UMLsec and RBAC of object-relational database and J2EE for this methodology.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.3
• /
• pp.879-890
• /
• 2000

Designing a multilevel database application is a complex process, and the entities and their associated security levels must be represented using an appropriate model unambiguously. It is also important to capture the semantics of a multilevel databse application as accurate and complete as possible. Owing to the focus of the IDEA Methodology for designing the non-secure database applications on the data-intensive systems, the Object Model describes the static structure of the objects in an application and their relationships. That is, the Object Model in the IDEA Methodology is an extended Entity-Relationship model giving a static description of objects. The IDEA Methodology has not been developed the multilevel secure database applications, but by using an existing methodology we could take advantage of the various techniques that have already been developed for that methodology. That is, this way is easier to design the multilevel secure schema than to develop a new model from scratch. This paper adds the security features 새？ Object Model in the IDEA Methodology, and presents the transformation from this model to a multilevel secure object oriented schema. This schema will be the preliminary work which can be the general scheme for the automatic mapping to the various commercial multilevel secure database management system such as Informix-Online/Secure, Trusted ORACLE, and Sybase Secure SQL Server.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.6
• /
• pp.3807-3818
• /
• 2015

The objective of this study is to develop an on-line system for improving undergraduate students' competency development. After drawing elements necessary for the competency development such as assessment and planning, competency development, analysis of competency assessment, portfolio, analysis of job ability and community, based on the literature research related to competency and the analysis of the existing system, the direction of the system design was set up. The system was developed by using Microsoft Windows operating system in Windows server, ORACLE ver.10 as its database management system, and JSP and JAVA as its programing language. Reviewing errors and improvements of the system, it was modified and complemented. In order to examine the content functional utilization of the final competency development system, the utilization was verified. The competency development system for undergraduate students can be used as on-line space filled with the internalization of knowledge, self-directed competency development, convenience of record management and interactions between students-professors-alumna, owing to its functions such as boosting competency activities, cultivating career-pioneering ability and introspecting. When it is rare to find researches on the competency development system for undergraduate students, it is expected to be helpful to the development of competency education and the career education for undergraduate students as a new alternative for the competency development.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.113-124
• /
• 2002

Proposals for a password-based authenticated key exchange protocol that have been published so far almost concentrated on the provable security. But in a real environment such as mobile one, efficiency is a critical issue as security. In this paper we discuss the efficiency of PAK which is secure in the random oracle model ［l］. Among 4 hash functions in PAK the instantiation for $H_1$, which outputs a verifier of the password, has most important effect on the computational efficiency. We analyze two different methods for $H_1$ suggested in ［1］ and we show that $H_{lq}$ has merits in transforming to EC or XTR variants as well as in the efficiency. As an efficient variant. we propose PAK2-EC and PAK2-XTR which do not require any additional step converting a hash output into a point of elliptic curve or XTR subgroup when compared to the previous work on the PAK［2］. Finally we compare PAK2 with the password-based authenticated key exchange protocols such as SPEKE, SRP, and AMP.

• Journal of Convergence for Information Technology
• /
• v.11 no.8
• /
• pp.36-41
• /
• 2021

Although the technology for prediction or analysis using artificial intelligence is constantly developing, a black-box problem does not interpret the decision-making process. Therefore, the decision process of the AI model can not be interpreted from the user's point of view, which leads to unreliable results. We investigated the problems of artificial intelligence and explainable artificial intelligence using Blockchain to solve them. Data from the decision-making process of artificial intelligence models, which can be explained with Blockchain, are stored in Blockchain with time stamps, among other things. Blockchain provides anti-counterfeiting of the stored data, and due to the nature of Blockchain, it allows free access to data such as decision processes stored in blocks. The difficulty of creating explainable artificial intelligence models is a large part of the complexity of existing models. Therefore, using the point cloud to increase the efficiency of 3D data processing and the processing procedures will shorten the decision-making process to facilitate an explainable artificial intelligence model. To solve the oracle problem, which may lead to data falsification or corruption when storing data in the Blockchain, a blockchain artificial intelligence problem was solved by proposing a blockchain-based explainable artificial intelligence model that passes through an intermediary in the storage process.

• KIPS Transactions on Software and Data Engineering
• /
• v.12 no.9
• /
• pp.419-430
• /
• 2023

Currently, NFTs have no dominant application except for the proof of ownership for digital content, and it also have small liquidity problem, which makes their price difficult to predict. Real estate usually has very high barriers to investment due to its high pricing. Real estate can be converted into NFTs and also divided into small value fungible tokens (FTs), and it can increase the the volume of the investor community due to more liquidity and better accessibility. In this document, we implement and design a system that allows ordinary users can invest on high priced real estate utilizing Black Litterman (BL) model-based Portfolio investment interface. To this end, we target a set of real estates pegged as collateral and issue NFT for the collateral using blockchain. We use oracle to get the current real estate information and to monitor varying real estate prices. After tokenizing real estate into NFTs, we divide the NFTs into easily accessible price FTs, thereby, we can lower prices and provide large liquidity with price volatility limited. In addition, we also implemented BL based asset portfolio interface for effective portfolio composition for investing in multiple of real estates with small investments. Using BL model, investors can fix the asset portfolio. We implemented the whole system using Solidity smart contracts on Flask web framework with public data portals as oracle interfaces.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.161-168
• /
• 2013

For the successful implementation of IT projects, individual consultant's competency in the project is very important. Especially, learning processes are required for solving various critical issues which can be occurred during implementing IT project. The objective of this research is to develop the measures for learning processes. Prior to setup the learning processes, we conducted 3 times in-depth interviews with IT consultants who have over 20 years IT project experiences. Through interviews with IT project expert, we tried to validate our research mode and develop survey questionnaires.

• Journal of Korean Academy of Nursing
• /
• v.44 no.1
• /
• pp.64-74
• /
• 2014

Purpose: This study was done to develop and implement the Nursing KMS (knowledge management system) in order to improve knowledge sharing and creation among clinical nurses in outpatient departments. Methods: This study was a methodological research using the 'System Development Life Cycle': consisting of planning, analyzing, design, implementation, and evaluation. Quality Function Deployment (QFD) was applied to establish nurse requirements and to identify important design requirements. Participants were 32 nurses and for evaluation data were collected pre and post intervention at K Hospital in Seoul, a tertiary hospital with over 1,000 beds. Results: The Nursing KMS was built using a Linux-based operating system, Oracle DBMS, and Java 1.6 web programming tools. The system was implemented as a sub-system of the hospital information system. There was statistically significant differences in the sharing of knowledge but creating of knowledge was no statistically meaningful difference observed. In terms of satisfaction with the system, system efficiency ranked first followed by system convenience, information suitability and information usefulness. Conclusion: The results indicate that the use of Nursing KMS increases nurses' knowledge sharing and can contribute to increased quality of nursing knowledge and provide more opportunities for nurses to gain expertise from knowledge shared among nurses.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1313-1327
• /
• 2013

How to make people keep both the confidentiality of the sensitive data and the privacy of their real identity in communication networks has been a hot topic in recent years. Researchers proposed privacy-preserving authenticated key exchange protocols (PPAKE) to answer this question. However, lots of PPAKE protocols need users to remember long secrets which are inconvenient for them. In this paper we propose a lightweight three-party privacy-preserving authentication key exchange (3PPAKE) protocol using smart card to address the problem. The advantages of the new 3PPAKE protocol are: 1. The only secrets that the users need to remember in the authentication are their short passwords; 2. Both of the users can negotiate a common key and keep their identity privacy, i.e., providing anonymity for both users in the communication; 3. It enjoys better performance in terms of computation cost and security. The security of the scheme is given in the random oracle model. To the best of our knowledge, the new protocol is the first provably secure authentication protocol which provides anonymity for both users in the three-party setting.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.6
• /
• pp.1512-1532
• /
• 2013

A convertible undeniable signature requires a verifier to interact with the signer to verify a signature and furthermore allows the signer to convert a valid one to publicly verifiable signature. In 2007, Yuen et al. proposed a convertible undeniable signature without random oracles in pairings. However, it is recently shown that Yuen et al.'s scheme is not invisible for the standard definition of invisibility. In this paper, we propose a new improvement by using extended Euclidean algorithm that can overcome the visibility attack. The proposed scheme has been evaluated based on computation and communication complexities and the performance comparisons of Yuen et al.'s scheme and various convertible undeniable signature schemes are provided. Moreover, it has been observed that the proposed algorithm reduces the computation and communication times significantly.