• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.93-104
• /
• 2010

The advent of various mobile devices and mobile services has caused diversification of information stored in a mobile device, e.g., SMS, photos, movies, addresses, e-mails, digital certificates, and so on. Because mobile devices are lost or stolen easily, user authentication is critical to protect the information stored in mobile devices. However, the current user authentication methods using Personal Identification Numbers (PINs) and passwords are vulnerable to Shoulder Surfing Attacks (SSAs), which enables an attacker to obtain user's information. Although there are already several SSA-resistant authentication methods in the literature, most of these methods lack of usability. Moreover, they are not suitable for use in mobile devices. In this paper, we propose a user friendly password input method for mobile devices which is secure against SSA. We also perform user tests and compare the security and usability of the proposed method with those of the existing password input methods.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.6 no.2
• /
• pp.207-213
• /
• 2002

Fingerprint has the characteristics that do not change with time and is unique to an individual. And fingerprint identification is considered the best choice for most biometric applications because of its accuracy, speed, reliability, non-intrusive interfaces and cost-effectiveness. In this paper, we applies fingerprint Identification to web site login to raise the quality of personal identification when we use e-commerce, internet banking, stock dealings, shopping mali, etc. The system implemented in this paper consists of embedded module to carry out fingerprint identification, web server and web site. Existing system carries out fingerprint identification in the web server, but the system Implemented in this paper carries out it in client. Therefore the loads of server are reduced and the confidence of internet service is improved because login is forbidden without fingerprint identification success.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.312-318
• /
• 2021

Lack of knowledge and digital skills is a threat to the information security of the state and society, so the formation and development of organizational culture of information security is extremely important to manage this threat. The purpose of the article is to assess the state of information security of the state and society. The research methodology is based on a quantitative statistical analysis of the information security culture according to the EU-27 2019. The theoretical basis of the study is the theory of defense motivation (PMT), which involves predicting the individual negative consequences of certain events and the desire to minimize them, which determines the motive for protection. The results show the passive behavior of EU citizens in ensuring information security, which is confirmed by the low level of participation in trainings for the development of digital skills and mastery of basic or above basic overall digital skills 56% of the EU population with a deviation of 16%. High risks to information security in the context of damage to information assets, including software and databases, have been identified. Passive behavior of the population also involves the use of standard identification procedures when using the Internet (login, password, SMS). At the same time, 69% of EU citizens are aware of methods of tracking Internet activity and access control capabilities (denial of permission to use personal data, access to geographical location, profile or content on social networking sites or shared online storage, site security checks). Phishing and illegal acquisition of personal data are the biggest threats to EU citizens. It have been identified problems related to information security: restrictions on the purchase of products, Internet banking, provision of personal information, communication, etc. The practical value of this research is the possibility of applying the results in the development of programs of education, training and public awareness of security issues.

• Journal of IKEEE
• /
• v.19 no.4
• /
• pp.610-616
• /
• 2015

In this paper, an electronic ID system satisfying security requirements of authentication certificate was designed using fingerprint recognition. The proposed electronic ID system generates a digital signature with forgery prevention, confidentiality, content integrity, and personal identification (=non-repudiation) using fingerprint information, and also encrypts, sends, and verify it. The proposed electronic ID system exploits fingerprint instead of user password, so it avoids leakage and hijacking. And it provides same legal force as conventional authentication certificate. The proposed electronic ID consists of 4 modules, i.e. HSM device, verification server, CA server, and RA client. Prototypes of all modules are designed and verified to have correct operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.89-96
• /
• 2007

Radio Frequency Identification system based on EPC(Electronic Product Code) Network Environment can read or write information of tagged objects, using Rf signals without direct contact. This advantage which is to provide storage ability and contactless property is better than Bar-code system. Mobile RFID system which integrates Mobile system with RFID system will provide new additional service to users. However, an advantage for obtaining information of objects using RF signal causes personal privacy problem. In this paper, we propose techniques that can protect personal privacy based on mobile. Our scheme provides privacy protection of users and is more efficiently than another application service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.977-983
• /
• 2013

This paper presents result of researching personal information exposure of Korean twitter and facebook users. Personally identifiable information such as e-mail and phone numer is exposed in the accounts less than 1%. However there are many cases that a person is identified by non personally identifiable information. For example, 350 thousands accounts are distinguished with other accounts because its name is unique. Using combination of information such as name and high school, we can distinguish 2.97 millions accounts. We also found 170 thousands account pairs that are candidate of one users' own account. Linkability between two accounts in two different domains means that the person is identified. Currently, only personally identifiable information is protected by policy. This paper shows that the policy has limited effects under the circumstances that a person can be identified by non personally identifiable information and the account linking is possible.

• The Korean Society of Law and Medicine
• /
• v.24 no.4
• /
• pp.67-101
• /
• 2023

The utilization of generative AI in the medical field is also being rapidly researched. Access to vast data sets reduces the time and energy spent in selecting information. However, as the effort put into content creation decreases, there is a greater likelihood of associated issues arising. For example, with generative AI, users must discern the accuracy of results themselves, as these AIs learn from data within a set period and generate outcomes. While the answers may appear plausible, their sources are often unclear, making it challenging to determine their veracity. Additionally, the possibility of presenting results from a biased or distorted perspective cannot be discounted at present on ethical grounds. Despite these concerns, the field of generative AI is continually advancing, with an increasing number of users leveraging it in various sectors, including biomedical and life sciences. This raises important legal considerations regarding who bears responsibility and to what extent for any damages caused by these high-performance AI algorithms. A general overview of issues with generative AI includes those discussed above, but another perspective arises from its fundamental nature as a large-scale language model ('LLM') AI. There is a civil law concern regarding "the memorization of training data within artificial neural networks and its subsequent reproduction". Medical data, by nature, often reflects personal characteristics of patients, potentially leading to issues such as the regeneration of personal information. The extensive application of generative AI in scenarios beyond traditional AI brings forth the possibility of legal challenges that cannot be ignored. Upon examining the technical characteristics of generative AI and focusing on legal issues, especially concerning the protection of personal information, it's evident that current laws regarding personal information protection, particularly in the context of health and medical data utilization, are inadequate. These laws provide processes for anonymizing and de-identification, specific personal information but fall short when generative AI is applied as software in medical devices. To address the functionalities of generative AI in clinical software, a reevaluation and adjustment of existing laws for the protection of personal information are imperative.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.145-185
• /
• 2007

A resident registration number is used to confirm and prove his/her identity in a government/non-governmental agency. It is a essential requirement to become the registered member on internet website in Korea. It is serious problem that the resident registration number and name are outflowed in internet and misused by others. So the MIC(Ministry of Information and Communication) in Korea plans and operates the identification system using I-PIN that integrate 5 alternative methods of resident registration number. In this paper, we analyze the problem about the method of 5 I-PIN services and show the security analysis on the implementation vulnerabilities of I-PIN services. we also analyze 17 websites that provides identification system using I-PIN. Finally, we analyze the overall problem of I-PIN service and propose the countermeasure about the problem.

• Journal of IKEEE
• /
• v.13 no.4
• /
• pp.89-95
• /
• 2009

Recently, IC cards are used to protect personal information and to have user verification. Among them, the usage of Java Cards which can contain applications after issuing are increasing and installing several applets on Java card is possible. When Java Cards are used, applet works after completing user identification. In this paper, we designed, embodied and verified the mechanism of user identification process according to PIN setting of applets; Stored_PIN, Install_PIN and Update_PIN. These several applications of Java cards will be used for user identification independently or multiply, while using diverse user identification.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.1
• /
• pp.131-146
• /
• 2021

Multimodal biometric-based recognition has been an active topic because of its higher convenience in recent years. Due to high user convenience of finger, finger-based personal identification has been widely used in practice. Hence, taking Finger-Print (FP), Finger-Vein (FV) and Finger-Knuckle-Print (FKP) as the ingredients of characteristic, their feature representation were helpful for improving the universality and reliability in identification. To usefully fuse the multimodal finger-features together, a new robust representation algorithm was proposed based on hierarchical model. Firstly, to obtain more robust features, the feature maps were obtained by Gabor magnitude feature coding and then described by Local Binary Pattern (LBP). Secondly, the LGBP-based feature maps were processed hierarchically in bottom-up mode by variable rectangle and circle granules, respectively. Finally, the intension of each granule was represented by Local-invariant Gray Features (LGFs) and called Hierarchical Local-Gabor-based Gray Invariant Features (HLGGIFs). Experiment results revealed that the proposed algorithm is capable of improving rotation variation of finger-pose, and achieving lower Equal Error Rate (EER) in our homemade database.