• International journal of advanced smart convergence
• /
• v.13 no.3
• /
• pp.156-169
• /
• 2024

We look at three use cases by business model types of Web3.0 social tokens shaped by 'token eonomics (tokenomics).' As the platform token, 'Roll' mints unique tokens to creators' reputation and allows them to own the value they create. Creators incentivize their followers contributing to the community. Tokens issued on Roll have a fixed supply with 20% minted for creators and 80% distributed across three years. With 'Roll Memberships,' followers gain benefits across token-gated platforms and protocols while getting something in return from the creator. 'Roll Staking' allows creators to integrate their community into crypto-specific products like trading markets, enhancing the features being possible in a creator's community. As the community token, 'Whale' creates WHALE token backed by non-fungible tokens (NFTs), so that it derives its value from NFTs kept in NFT art collection, 'The Vault.' 'Hold-to-Play(H2P)' rewards distributed to token holders owning a minimum threshold of tokens allow them to access to exclusive access to benefits like airdrops, tips, rewards, and exclusive information. Whale DAO open to members locking 1,000 tokens allows them to post a proposal twice a month and to vote in the senate. DAO-Voter role allows members locking 500 tokens to access the vote in the senate, but not to present proposals. As the personal token, 'RAC' distributes RAC tokens to his loyal supporters as a reward. These tokens are available for exclusive content access. RacOS makes it possible for RAC Patreon subscribers to claim RAC tokens each month corresponding with their membership tier.

• Journal of Internet of Things and Convergence
• /
• v.4 no.2
• /
• pp.13-20
• /
• 2018

In this paper, we propose an authentication system that combines 'Single-Sign-On' and 'Token-based authentication' based on 'Block Chain' technology. We provide 'access control' function and 'integrity' by combining block-chain technology with single-sign-on authentication method and provided stateless self-contained authentication function using Token based authentication method. It was able to enhance the security by performing the encryption based Token issuance and authentication process and provided convenience of authentication to Web Server. As a result, we can provide token-based SSO authentication service efficiently by providing a convenient way to improve the cumbersome authentication process.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1343-1354
• /
• 2018

OAuth 2.0 bearer token and JWT(JSON web token), current standard technologies for authentication and authorization, use the approach of sending fixed token repeatedly to server for authentication that they are subject to eavesdropping attack, thus they should be used in secure communication environment such as HTTPS. In OAuth 2.0 MAC token which was devised as an authentication scheme that can be used in non-secure communication environment, server issues shared secret key to authenticated client and the client uses it to compute MAC to prove the authenticity of request, but in this case server has to store and use the shared secret key to verify user's request. Therefore, it's hard to provide stateless authentication service. In this paper we present a randomized token authentication scheme which can provide stateless MAC token authentication without storing shared secret key in server side. To remove the use of HTTPS, we utilize secure communication using server certificate and simple signature-based login using client certificate together with the proposed randomized token authentication to achieve the fully stateless authentication service and we provide an implementation example.

• International Journal of Internet, Broadcasting and Communication
• /
• v.16 no.2
• /
• pp.149-160
• /
• 2024

For examining Web3.0 video streaming (VS) platforms in terms of the decentralized technology, tokenization and decentralized autonomous organization (DAO), we look at four platforms like DLive, DTube, Livepeer, and Theta Network (Theta). As a result, DLive which firstly partnered with Medianova for CDN and with Theta for peer to peer (P2P) network and migrates to Tron blockchain (BC), receives no commission from what creators earn, gives rewards to viewers by measuring engagement, and incentivizes participation by allowing 20% of donation & fees for funding development, 5% to BitTorrent Token (BTT) stakeholders (among these 5%, 20% to partners, 80% to other BTT stakeholders). DTube on its own lower-layer BC, Avalon, offers InterPlanetary File System (IPFS), gives 90% of the created value to creators or curators, and try to empower the community. Livepeer on Ethereum BC offers decentralized CDN, P2P, gives Livepeer Token (LPT) as incentive for network participants, and delegators can stake their LPT to orchestrators doing good. Theta on its native BC pulls streams from peering caching nodes, creates P2P network, gives Theta utility token, TFUEL for caching or relay nodes contributors, and allows Theta governance token, THETA as staking token. We contribute to the categorization of Web3.0 VS platforms: DLive and DTube reduce the risk of platform censorship, promote the diverse content, and allow the community to lead to more user-friendly environments. On the other hand, Livepeer and Theta provide new methods to stream content, but they have some differences. Whereas Livepeer focuses on the transcoding layer, Theta concentrates both on the video application layer and content delivery layer. It means, Theta tries to deliver value to all participants by enhancing network quality, reducing CDN cost, and rewarding users in utility tokens for the storage and bandwidth they provide.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.5
• /
• pp.1117-1124
• /
• 2015

This paper explains a web session management system for mobile web environment with BYOD(Bring Your Own Device). This system operates by enhanced secure session token. This system consists of an unique identifier, time stamp, and encryption algorithm. The Unique identifier in this system classifies each mobile device for web security based on mobile environment with BYOD. And the Time stamp in this system that determine session effectiveness for web security. Also the Cipher algorithm in this system that protects session token information for web security. This paper analysis a security of session management system running on mobile web environment using the simulation techniques. The proposed method is more suitable than the other methods under enviroment mobile web environment with BYOD.

• International journal of advanced smart convergence
• /
• v.13 no.2
• /
• pp.119-129
• /
• 2024

We look at Web 3.0 business model canvas (BMC) of metaverse gaming platform, The Sandbox (TS). As results, the decentralized, blockchain-based platform, TS benefits its creators and players by providing true ownership, tradability of decentralized assets, and interoperability. First, in terms of the governance and ownership, The SAND functions a governance token allowing holders to participate in decision and SAND owners can vote themselves or delegate voting rights to other players of their choice. Second, in terms of decentralized assets and activities, TS offers three products as assets like Vox Edit as a 3D tool for voxel ASSETS, Marketplace as NFT market, and Game Maker as a visual scripting toolbox. The ASSETS made in Vox Edit, sold on the Marketplace, can be also utilized with Game Maker. Third, in terms of the network technology, in-game items are no longer be confined to a narrow ecosystem. The ASSETS on the InterPlanetary File System (IPFS) are not changed without the owner's permission. LAND and SAND are supported on Polygon, so that users interact with their tokens in a single place. Last, in terms of the token economics, users can acquire in-game assets, upload these assets to the marketplace, use for paying transaction fees, and use these as governance token for supporting the foundation.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.4
• /
• pp.43-53
• /
• 2020

There are three standards for FIDO1 authentication technology: Universal Second Factor (U2F), Universal Authentication Framework (UAF), and Client to Authenticator Protocols (CTAP). FIDO2 refers to the WebAuthn standard established by W3C for the creation and use of a certificate in a web application that complements the existing CTAP. In Korea, the FIDO certified market is dominated by UAF, which deals with standards for smartphone (Android, iOS) apps owned by the majority of the people. As the market requires certification through FIDO on PCs, FIDO Alliance and W3C established standards that can be certified on the platform-independent Web and published 『Web Authentication: An API for Accessing Public Key Credentials Level 1』 on March 4, 2019. Most PC do not contain biometrics, so they are not being utilized contrary to expectations. In this paper, we intend to present a model that allows login in PC environment through biometric recognition of smartphone and FIDO UAF authentication. We propose a model in which a user requests login from a PC and performs FIDO authentication on a smartphone, and authentication is completed on the PC without any other user's additional gesture.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2017.07a
• /
• pp.39-40
• /
• 2017

본 논문에서는 서버의 비동기 입출력(이하 I/O) 모델을 통해 더 많은 접속과 성능을 위한 패턴과 클라이언트 브라우저의 HTML 템플렛팅과 반응성 UI들의 메모리 관리 패턴을 제안한다. 본 연구는 다이어트 현황을 기록하는 저널(Journal) 서비스를 제공하는 웹 어플리케이션이다. 노드.js (Node.js)의 소켓.io (Socket.io)를 통한 비동기 push 패턴을 사용한 효율적인 I/O 성능, html5의 로컬 저장소 (Local Storage), tcp/ip 헤더의 쿠키 (Cookie), 상태를 저장하는 웹 토큰 (Json Web Token)을 통한 무상태 서버 구조로 구성되어 있다. 이로 인하여 서버 확장성 및 동시 처리, 빠른 질의 성능, 기본 네트워크 패킷 보안을 구축한다. 과한 CPU 처리를 요하는 일 중 템플릿팅은 클라이언트 브라우저에게 분담하도록 하고 효율적인 DOM 접근과 메모리 관리를 위한 싱글턴 패턴을 적극 활용하여 빠르고 즉각적인 반응성을 가진 웹 어플리케이션을 운용한다.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.3
• /
• pp.654-663
• /
• 1999

In this paper, we develop a security system which enhances the security of information during transmission over the World Wide Web for solving problems related to outflow of the information on the internet. Our system provides safe security functions without modifying the existing Web server and browser by utilizing CGI, Plug-in, and Socket Spy techniques. Our system implements user access control and data encryption/decryption by using the hardware cryptographic token instead of using a software technique as in previous systems, and hence is a more robust security system.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.3
• /
• pp.162-168
• /
• 2014

Cross-Site Request Forgery is one of the attack techniques occurring in today's Web Applications. It allows an unauthorized attacker to send authorized requests to Web Server through end-users' browsers. These requests are approved by the Web Server as normal requests therefore unexpected results arise. The problem is that the Web Server verifies an end-user using his Cookie information. In this paper, we propose an enhanced CSRF defense scheme which uses Page Identifier and user password's hash value in addition to the Cookie value which is used to verify the normal requests. Our solution is simple to implement and solves the problem of the token disclosure when only a random token is used for normal request verification.