• Title/Abstract/Keywords: Web Token

Study on Elliptic Curve Diffie-Hellman based Verification Token Authentication Implementation (타원곡선 디피헬만 기반 검증 토큰인증방식 구현 연구)

  • Choi, Cheong H.
    • Journal of Internet Computing and Services / Vol. 19, No. 5 / pp.55-66 / 2018
  • Since existing server-based authentications use vulnerable password-based authentication, illegal leaks of personal data occur frequently. Since this can cause illegal ID compromise, alternative authentications have been studied. Recently token-based authentications like OAuth 2.0 or JWT have been used in web sites; however, they have a weakness that if a hacker steals a JWT token in the middle, they can obtain plain authentication data from the token. So we suggest a new authentication method using the verification token of authentic code to encrypt authentication data with effective time. The verification is to compare an authentication code from decryption of the verification-token with its own code. Its crypto-method is based on XOR with an ECDH session key, which is so fast and efficient without the overhead of key agreement. Our method is outstanding in preventing personal data leakage.

Distributed Control Algorithms for QoS in Wireless Networks Using Wireless Token Ring Protocol (무선토큰링 프로토콜을 사용한 무선 네트워크에서 QoS를 지원하는 분산 제어 알고리즘)

  • 김성철
    • Journal of Korea Multimedia Society / Vol. 7, No. 2 / pp.187-193 / 2004
  • Wireless networks play a very important role in communications today. For example, wireless networks today provide everything from basic services like e-mail and FTP to multimedia applications like Web service. It is obvious that QoS requirements for these diverse applications over wireless networks will continue as in wired networks. Much research has been done to develop QoS supporting algorithms on the Internet. But due to the limited bandwidth and varying channel states of wireless networks, it is difficult to support differentiated service over wireless networks. In this paper we propose a modified wireless token ring protocol supporting QoS for the real-time traffic service node over Internet environments in which non-real-time and real-time traffic service nodes coexist. In the proposed algorithm, the real-time traffic service node gets priority to take the token over the non-real-time traffic service node. So the proposed algorithm supports quick transmission for the real-time traffic service node. And this advantage can be obtained with minor modification of the legacy wireless token ring protocol to support QoS. We also consider the lost token recovery mechanism.

Web Page Similarity based on Size and Frequency of Tokens (토큰 크기 및 출현 빈도에 기반한 웹 페이지 유사도)

  • Lee, Eun-Joo;Jung, Woo-Sung
    • Journal of Information Technology Services / Vol. 11, No. 4 / pp.263-275 / 2012
  • It is becoming hard to maintain web applications because of high complexity and duplication of web pages. However, most research about code clones focuses on code hunks, and its target is limited to a specific language. Thus, we propose GSIM, a language-independent statistical approach to detect similar pages based on scarcity and frequency of customized tokens. The tokens, which can be obtained from pages split by a set of given separators, are defined as atomic elements for calculating similarity between two pages. In this paper, the domain definition for web applications and algorithms for collecting tokens, making matrics, calculating similarity are given. We also conducted experiments on open source codes for evaluation, with our GSIM tool. The results show the applicability of the proposed method and the effects of parameters such as threshold, toughness, length of tokens, on their quality and performance.

European Creator Economy's Web3.0 Business Model Case Study

  • Song, Minzheong
    • International journal of advanced smart convergence / Vol. 13, No. 1 / pp.57-68 / 2024
  • In this paper, we are interested in how creator economy startups allow creators to make money from doing what they love. So, we look at European creator economy startups among the Web3.0 business model landscape surveyed in 2022, because the US is home of Web2.0 giant platforms like YouTube. In total, seventeen European startups are investigated, and the theoretical logic is the disruptive innovation. We firstly review the survey published in 2022 and utilize the theory of the disruptive innovation to design the research framework including questions with each type of the disruptive innovation. In this paper, we firstly show that Kalao and Gem as NFT ecosystem platforms aim at service convenience. Secondly, Talkbase, Passionfroot, Bildr, Customuse, and Earnr aim at providing creator tools for under-skilled customers. Lastly, when it comes to direct monetization with a decentralized business model, CrowdPad, Admix, GOALS, Realm, Dropstar, Pianity, Sonomo, Stage11, Miiji, and ReadyPlayerMe are representative. Despite the relatively small data size, the results are meaningful as they contribute to a more profound comprehension of the Web3.0 business models and offer guidance for future research directions.

Efficient Wi-Fi Security Protocol Using Dual Tokens (이중토큰을 이용한 효율적인 Wi-Fi 보안 프로토콜)

  • Lee, Byoungcheon
    • Journal of the Korea Institute of Information Security & Cryptology / Vol. 29, No. 2 / pp.417-429 / 2019
  • WPA2-PSK uses a 4-way handshake protocol based on a shared secret to establish a secure session between a client and an AP. It has various security problems such as eavesdropping attacks and the secure session establishment process is inefficient because it requires multiple interactions between client and AP. The WPA3 standard has recently been proposed to solve the security problem of WPA2, but it is a small improvement using the same 4-way handshake methodology. OAuth 2.0 token authentication is widely used on the web, which can be used to keep an authenticated state of a client for a long time by using tokens issued to an authenticated client. In this paper, we apply the dual-token based randomized token authentication technology to the Wi-Fi security protocol to achieve an efficient Wi-Fi security protocol by dividing initial authentication and secure session establishment. Once a client is authenticated and equipped with dual tokens issued by AP, it can establish secure session using them quickly with one message exchange over a non-secure channel.

A Method for Preventing CSRF Attacks in Web Application using Digital Signature Token (전자서명 토큰을 이용한 웹 애플리케이션에서의 CSRF공격 방어 기법)

  • Lee, Dae-Seop;Kim, Hyo-Jong;Jun, Moon-Seog
    • Proceedings of the KAIS Fall Conference / Proceedings of the 2010 Fall Conference of the Korea Academia-Industrial cooperation Society, Part 1 / pp.239-242 / 2010
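  • The CSRF (Cross Site Request Forgery) attack, a method of hacking web applications, is the attack that caused the February 2008 incident in which the personal information of 18 million people was leaked from the online auction site Auction. As a countermeasure to this attack, OWASP (Open Web Application Security Project) recommends a system that generates a synchronized, unique token value and verifies it on each page request. Accordingly, as a method of defending against this attack, this paper studies a technique that generates a timestamp and a digital signature, a value unique to the user, in token form and inserts it into a Hidden Field for verification.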

User Commitment to Blockchain-Based Social Media Platforms from the Perspective of Perceived Justice Regarding the Token Reward System: the Mediating Role of Psychological Ownership

  • Xue, FAN;Seongtaek, RIM;Mengmeng, WANG
    • East Asian Journal of Business Economics (EAJBE) / Vol. 11, No. 1 / pp.1-19 / 2023
  • Purpose - In this study, we aimed to theorize blockchain-based social media platform users' commitment by examining the impact of their perceived justice of the token reward system. In addition, this study applied psychological ownership theory to verify the underlying mechanism between users' perceptions of justice and their commitment to the platforms. Research design, data, and methodology - To empirically test our conceptual framework in the study, we collected data through a web-based survey approach from the responses of 385 users who had experience with blockchain-based social media platforms. We employed a structural equation modeling approach to empirically test our proposed hypotheses. Result - The results indicated that distributive justice and informational justice have positive effects on user commitment. The results also showed that psychological ownership plays an important role in mediating the relationship between users' sense of distributive justice and commitment, and between procedural justice and commitment. The findings provided a better understanding of the sense of justice and user commitment in a blockchain-based social media environment. Conclusion - This study represents a preliminary attempt to theorize and empirically examine blockchain-based social media platform users' commitment. This study provided important contributions to the literature on how the effect of users' sense of justice in a reward system affects their commitment to blockchain-based social media platforms.

Single Sign On between Grid Portal and Web applications on MGrid (MGrid에서 그리드 포털과 웹 어플리케이션의 통합인증)

  • Heo, Dae-Young;Hwang, Dae-Bok;Hwang, Sun-Tae
    • Journal of the Korea Society of Computer and Information / Vol. 14, No. 12 / pp.1-8 / 2009
  • Grid services offer an SSO (single sign-on) mechanism using GSI (grid security infrastructure) based on X.509. However, portal applications in the web environment use an ID and password model for single sign-on. A grid portal means a system which provides grid services by integrating portlet contents on a single web interface. In existing research such as GAMA and PURSE, SSO for a whole grid portal is figured out in the way that the user is authenticated by ID and password at the front and calls grid service via GSI at the back-end. Other types of web applications outside of the portlet framework unfortunately cannot access grid service in an SSO way in the existing research, because the SSO mechanism is developed for the portlet framework only. In this paper, we suggest an SSO mechanism based on the ID and password model, which forwards authentication information and a GSI token for grid access among portlets and grid-enabled web applications. This mechanism is applied to MGrid for SSO, which consists of applications of java web start, applet, servlet, etc. as well as portlets.

The Extended Authentication Protocol using E-mail Authentication in OAuth 2.0 Protocol for Secure Granting of User Access (OAuth 2.0 프로토콜에서 E-mail을 이용한 사용자 권한 인증)

  • Chae, Cheol-Joo;Choi, Kwang-Nam;Choi, Kiseok;Yae, Yong-Hee;Shin, YounJu
    • Journal of Internet Computing and Services / Vol. 16, No. 1 / pp.21-28 / 2015
  • Currently there are a wide variety of web services and applications available for users. Such services restrict access to only authorized users, and therefore their users often need to go through the inconvenience of getting an authentication from each service every time. To resolve such inconvenience, a third party application with the OAuth (Open Authorization) protocol that can provide restricted access to different web services has appeared. The OAuth protocol provides applicable and flexible services to its users, but is exposed to replay attack, phishing attack, impersonation attack. Therefore we propose a method in which, after authentication, an Access Token can be issued by using the E-mail authentication. In the proposed method, regular user authentication success rate is high when value is 5 minutes. However, in the case of the attacker, the probability which can be gotten certificated is not more than the user contrast 0.3% within 5 minutes.

Development of a Web-based Digital Notary System Conforming International Standards (국제 표준을 준수하는 웹 전자 공증 시스템의 개발)

  • 장혜진
    • Journal of the Korea Academia-Industrial cooperation Society / Vol. 5, No. 1 / pp.16-20 / 2004
  • This paper developed a secure web-based digital notary system. The system conforms to international standards, and gives users very good accessibility to it. The technologies and the application systems for timestamp-related services are not yet popularized, but they are potentially meaningful to many kinds of areas such as e-commerce, digital rights management, and internet mail systems. The digital notary system uses timestamp requests and responses which conform to RFC 3161. The system supports secure communication between the web-based notary server and its clients by using SSL (Secure Socket Layer), and uses nonces for prevention of replay attacks.