• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.61-70
• /
• 2004

Web service technology will be used in various business fields and it will affect business paradigms. But, however, there is no standard so far and we have many problems to be solved in order to insure interoperability and security. Especially we have to solve Web service security for effective utilization of the technology and otherwise, the technology will not be used in the business field. We, therefore, need to develope security technology which fits to the Web service characteristics. This document describes a proposed strategy for addressing security within a Web service environment based on the results of analysis on the Web service security problems.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.111-123
• /
• 2016

Recently, mobile devices have been widely used. Therefore, the service users want that are not constrained by time and space. Among them, electronic payment services, mobile finance service is enjoying a tremendous popularity. The FinTech is the result of the fusion of finance and ICT(Information & Communication Technology). Security experts is pointed the FinTech security risk. New technology and Innovative FinTech services are even available, Insecure FinTech services is insignificant. In this paper we were surveyed market and product trends of FinTech and analyzed the threats about FinTech. Also, we analyzed the security considerations for FinTech using a questionnaire. As a result, users considers secure payment process and privacy. Therefore, we proposed security considerations for each vulnerability. So, we must be resolved of security technology and policy issues. If establishing a secure payment process and the unclear legal issue is resolved, FinTech service will provide a secure financial services to the user.

• The KIPS Transactions:PartC
• /
• v.12C no.3 s.99
• /
• pp.347-360
• /
• 2005

E-Government service is national project that is necessary for international competitiveness, openness of government and effectiveness of governmental work process. E-Government security is very important because it treats data has relatively high sensitivity. But, until now, the development point of E-Government service has been limited to only it's contents and infrastructure based on web without consideration of E-Government security. Lately research for E-Government security has been studied by some advanced country of E-Government service, but it is insufficient. To construct E-Government security based on web Infra, first of all, analysis of web service security technology is needed to precede. And then research for appling the technology to E-Government service are required. We propose secure E-Government service scenario with web service security technology based on development stages of E-Government service. We also suggest overall view and secure scenario of E-Government service in Integrated Computing Environment.

• Journal of Information Processing Systems
• /
• v.1 no.1 s.1
• /
• pp.86-95
• /
• 2005

Location-based services or LBS refer to value-added service by processing information utilizing mobile user location. With the rapidly increasing wireless Internet subscribers and world LBS market, the various location based applications are introduced such as buddy finder, proximity and security services. As the killer application of the wireless Internet, the LBS have reconsidered technology about location determination technology, LBS middleware server for various application, and diverse contents processing technology. However, there are fears that this new wealth of personal location information will lead to new security risks, to the invasion of the privacy of people and organizations. This paper describes a novel security approach on open LBS service to validate certificate based on current LBS platform environment using XKMS (XML Key Management Specification) and SAML (Security Assertion Markup Language), XACML (extensible Access Control Markup Language) in XML security mechanism.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.85-90
• /
• 2004

Web service technology will be used in various business fields and it will affect business paradigms. But, however, there is no standard so far and we have many problems to be solved in order to insure interoperability and security. Especially we have to solve Web service security for effective utilization of the technology and otherwise, the technology will not be used in the business field. We, therefore, need to develope security technology which fits to the Web service characteristics. This document describes a proposed strategy for addressing security within a Web service environment based on the results of analysis on the Web service security problems.

• Korean Security Journal
• /
• no.5
• /
• pp.89-108
• /
• 2002

The prospect of security services industries is as followings. First, integrated security system will be increased in the security service sphere of collective housing such as apartments. Second, the needs to security services with high-tech electronic security system and systematic security service against crimes will be increased. Third, the needs to crime prevention and disaster prevention service including information security service by means of internet and information and communication technology will be increased. Fourth, perhaps domestic market of security service will be reshaped in relation with localization trend and entrance of foreign security service companies to our country. With these conclusions I think that the departments of universities related to security services will focus on their social roles.

• Journal of Information Processing Systems
• /
• v.14 no.3
• /
• pp.740-750
• /
• 2018

There are a great number of Internet-connected devices and their information can be acquired through an Internet-wide scanning tool. By associating device information with publicly known security vulnerabilities, security experts are able to determine whether a particular device is vulnerable. Currently, the identification of the device information and its related vulnerabilities is manually carried out. It is necessary to automate the process to identify a huge number of Internet-connected devices in order to analyze more than one hundred thousand security vulnerabilities. In this paper, we propose a method of automatically generating device information in the Common Platform Enumeration (CPE) format from banner text to discover potentially weak devices having the Common Vulnerabilities Exposures (CVE) vulnerability. We demonstrated that our proposed method can distinguish as much adequate CPE information as possible in the service banner.

• Convergence Security Journal
• /
• v.11 no.1
• /
• pp.39-48
• /
• 2011

QoS(Quality of Service) is defined "The collective effect of service performance which determines the degree of satisfaction of a user of the service" by ITU-T Rec. E.800. The final goal of information system is to secure the performance efficiency within the required time. The security QoS framework is the modeling of the QoS measurement metrics, the measurement time schedule, instrument, method of measurement and the series of methodology about analysis of the result of measurement. This paper relates to implementing issue and performance measuring about blended mechanism between networking technology and security technology. We got more effectiveness in overall network security, when applying and composing amalgamated security mechanism between network technology and security technology. In this paper, we suggest techniques being used on infrastructure system and also offers a security QoS methodology as a model of more effective way. Methodology proposed in this research has proven that it is possible to measure response time through the scheduled method.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.2
• /
• pp.53-61
• /
• 2019

In this paper, we propose 'a self - conformance system of convergence security provider' to provide basic data for security and reliability of convergence industrial technology, system and service. It is difficult to evaluate convergence security systems, limited to information and communication service providers, unable to check convergence security items, burden of submission documents, difficulty in measuring convergence security service level and we will summarize product and service-based requirements that can be integrated and systematically measure the level of convergence security and define renewed life cycle-based convergence security information and content security and assurance requirements. On the basis of this, each convergence security company declares conformity with the standard itself without the certification of the certification body, and introduces the provider conformity certification system which can manufacture and sell. This will enable the company to strengthen its competitiveness through timely launch and implementation of products and services and cost reduction.

• Knowledge Management Research
• /
• v.18 no.4
• /
• pp.237-260
• /
• 2017

Recently, with the proliferation of smart phones and mobile devices and the increase in the speed of mobile Internet, IT services are increasingly used in smart phones and mobile devices in a different way from the past. That is, a cloud service that downloads and uses data stored in the server in real time is expanding, and as a result, the security due to the continuous Internet connection of the user becomes a problem. In this study, we analyzed the relationship between factors affecting the continuous use of personal cloud service by using technology acceptance model. In addition to the technology acceptance model, confidentiality, privacy, accessibility, innovation, and self-efficacy were extracted from the existing research with emphasis on the characteristics of the cloud service and security factors. Moreover, the difference of intention to use among genders was verified through structural equation modeling with survey data from 262 personal cloud service users.