• Journal of Internet Computing and Services
• /
• v.7 no.6
• /
• pp.157-174
• /
• 2006

Ajax interaction model changes the posture of web application to become a stateful over HTTP. Ajax applications are long-lived inthe browser. XMLHTTPRequest (XHR) is used to facilitate the data exchange. Using HTTPS over this interaction is not viable because of the frequency of data exchange. Moreover, switching of protocols form HTTP to HTTPS for sensitive information is prohibited because of server-of-origin policy. The longevity, constraint, and asynchronous features of Ajax application need to hove a different authentication and session fondling mechanism that invoke re-authentication. This paper presents an authentication and session management scheme using Ajax. The scheme is design lo invoke periodic and event based re-authentication in the background using digest authentication with auto-generated password similar to OTP (One Time Password). The authentication and session management are wrapped into a framework called AWASec (Ajax Web Application Security) for coupling to avoid broken authentication and session management.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.519-530
• /
• 2015

With the development of technologies, smartphone provides excellent extensibility and performance. Users can install application programs easily in smartphone, so they can use smartphone in various way. In the past, users used smartphone for enhancing security in personal computer. Nowadays, smartphone has become a major target for attackers. Therefore we needs a reliable portable device for smartphone security. There are various wearable devices such as smartglasses and smartwatches, so they can be used for enhancing security in smartphone. In this paper, we study about that smartwatches can be role for enhancing smartphone security, and we implement transaction information verification scheme, Transaction information verification scheme based on CAPTCHA and CAPTCHA based transaction OTP scheme and experiment with users in prototype application.

• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.53-59
• /
• 2013

As the hacking technology for cyber-terror and financial fraud evolves, the research and development for advanced and standardized information security technology is growing to be more and more important. In this paper, the domestic level of technology and standardization for information security as compared to advanced country is diagnosed, and future policy is presented by analyzing the influence effect for market and technology. The information security is classified into information security-based & user protection, network & system security, and application security & evaluation validation with details of OTP-based validation, smart-phone app security, and mobile electronic finance, etc. The analytic results indicate that domestic level is some poor for advanced country, the technological development and standardization capability for smart-phone app security and mobile electronic finance is needed, and finally the government's supporting policy for the future Internet is urgently needed.

• Proceedings of the Korean Society of Applied Pharmacology
• /
• 1997.11a
• /
• pp.47-50
• /
• 1997

Drug development began with the finding of biologically active compounds which are obtained by chemical synthesis or from natural sources. The advent of Combinatorial Chemistry is recognized as a strategy which has a potential to change the methodology of research and development(R&D) of new drugs. Drug development has been carried out with diverse strategies. In the past several decades a variety of new methodology have been introduced in R&D. Random screening of accumulated synthetic samples which had been synthesized for development of other drugs led to the discovery of new drugs. The typical examples are anti-asthma drug trimethoquinol and calcium antagonist diltiazem. (herbesser). In particular the latter drug has been used as a calcium antagonist worldwide, however it was first synthesized to find new tranquilizer and this is the reason why diltiazem has benzodiazepam skeleton. The random screening contributed in the finding of new drugs were carried out with whole animal test and it is a standard methodology in R&D of new drugs. Aspirin is the first synthetic non-steroidal antiinflammatory drug(NSAID) and has been used for more than one hundred years. It is the first example of drug developed from natural product. Salicin is the main constituent of willow bark which had been used in Europe for a long time to treat arthritis and aspirin was developed from salicin. Most of NSAID used clinically were developed from the structure of aspirin, however it took 70 years to clarify why aspirin exhibits its antiinflammatory, analgesic and antipyretic activities. The target of aspirin is cyclooxygenase(COX)which is the first enzyme involved in arachidonate cascade leading to the production of prostaglandins(PG) and thromboxan(TX). Side effect of aspirin causing ulcer in stomach is rather serious problem, since aspirin is so popular drug easily obtained in drug store(OTP). This problem is now going to be solved by a new finding on COX, which have two different types, one is constitutionally expressed COX 1 in almost all organs and the other is inducible COX 2. COX 2 is the responsible enzyme in inflammation etc and now the search of COX 2 specific inhibitors is the target of R&D of next generation NSAID.

• The KIPS Transactions:PartC
• /
• v.10C no.5
• /
• pp.585-594
• /
• 2003

Java card is one of promising smart card platform with java technology. Java card defines necessary packages and classes for Embedded device that have small memory such as smart card Jana card is compatible with EMV that is Industry specification standard and ISO-7816 that is international standard. However, Java card is not offers user authentication protocol. In this paper, We design and implement an user authentication protocol applicable wireless devices based on Java Card using standard 3GPP Specification (SMS), Java Card Specification (APDU), Cryptography and so on. Our Java Card user authentication techniques can possibly be applied to the area of M-Commerce, Wireless Security, E-Payment System, Mobile Internet, Global Position Service, Ubiquitous Computing and so on.