• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.564-567
• /
• 2003

XML has weakness problems on document modulation and elimination of data Because of the XML gives priority to present data format, XML electrical signature, XML cryptography, or XML access control is provided to overcome those weakness problems. However, structured XML efficiency contravention problem occurred from XML encryption and absence of protection from DTD attack are still remains unsolved. In this paper, we provide XML scheme that satisfies both efficiency and encryption. DTD is unnecessary because XML scheme supports formatting(Well-Formed XML) XML documents and it also include meta information. Because of the XML scheme has possibility to generate each XML document dynamically and self efficiency investigator rule, it has an advantage on extendability of DID based encryption of XML documents.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.193-195
• /
• 2005

국내의 한 인터넷 경매업체는 "대한민국 국민 5명 중 한명은 이미 자신들의 경매를 경험해 보았다." 라고 광고할 정도로 웹 기반의 전자상거래는 이미 우리의 일상생활에 깊이 파고든 상태이며, 이제는 단순한 웹상의 전자상거래 뿐이 아닌 웹 서비스 개념의 시대가 현실화 되고 있는 시점이다. 이러한 흐름 속에서 XML은 데이터만을 따로 표현할 수 있다는 특성에 의하여 업계의 표준으로 떠올랐으며, 자연스럽게 이와 더불어 XML의 보안기능은 주목을 받고 있다. XML 전자서명, XML 암호화, XML 키 관리 명세는 주요한 XML 보안기술로서 표준화가 진행되어 많은 부분 완료되었다. 이에 따라 표준을 구현한 제품들이 출시되어 상용화되고 있다. 이러한 제품들은 표준에 적합하도록 개발되어야만 제품의 목적인 안정성과 각 제품들 간의 상호운용성에 있어서의 신뢰도를 검증받을 수 있다. 이에 본 논문에서는 XML 암호화에 대한 표준 적합성 시험 방법을 제시하고 시험도구를 구현하였다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.8
• /
• pp.1441-1447
• /
• 2008

It is possible to transfer huge data in mobile device by advancing mobile technology, and so in this base, various services are offered. Especially, E-commerce service is offering on mobile environment, and this service is based on XML(eXtensible Markup Language) Signature. XML Signature assure that process integrity, message authentication, and/or signer authentication. And WIPI(Wireless Internet Protocol for Interoperability) that is mobile internet integration platform was proposed to integrate mobile device platform. However, because WIPI transmits and exchanges message by tort of XML base, encryption of XML document and necessity of XML signature are increasing because of weakness of security. Therefor in this paper, Encryption and XML signature module of XML document that satisfy standard requirement in WIPI platform base design and implementation. System that was proposed in this paper used standard encryption and XML signature algorithm and supports safe encryption and XML signature through doing security simulation applied various algorithm for XML document of mobile environment.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10c
• /
• pp.532-534
• /
• 2004

현존하고 있는 HTML(Hyper Text Markup Language)기반 인터넷 전자투표 시스템의 대안으로 웹 환경에서 XML(Xtensible Markup Language)표준기술을 이용하여 이기종간의 시스템에서 동작가능하고 HTML의 구조적 단점을 보완하며 전자투표와 관련한 데이터를 XML로 저장하고, 표준화된 XML문서 인중과 데이터 무결성, 기밀성, 송신 부인봉쇄 등의 보안 서비스를 제공할 뿐만 아니라 부분 서명과 암호화가 가능하며 구현 측면에 있어서 편리함을 제공할 수 있는 XML 기반의 전자투표 시스템을 설계한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.6
• /
• pp.1416-1422
• /
• 2010

Various other platforms have appeared due to the abolishment of WIPI requirement and increased problems related with hacking and security. Since levels consisting of these platforms are composed of various APIs (Application Programming Interfaces) which are not standardized, other ways must be considered to protect data which are transferred using XML formats. Therefore, XML encryption API and XML digital signature API for data protection and certification, which are both responsible to define mark-up languages for XML encryption and digital signature respectively, were designed in this paper. The simulation system which played the role of the server and client between two terminal units was realized to validate the APIs.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.9
• /
• pp.217-222
• /
• 2016

Recent research on integrated and peer-to-peer databases has produced new methods for handling various types of shared-group and process data. This paper with data publishing, where the publisher needs to specify certain sensitive information that should be protected. The proposed method cannot infer the user's sensitive information is leaked by XML constraints. In addition, the proposed secure framework uses encrypt to prevent the leakage of sensitive information from authorized users. In this framework, each node of sensitive data in an eXtensible Markup Language (XML) document is encrypted separately. All of the encrypted data are moved from their original document, and are bundled with an encrypted structure index. Our experiments show that the proposed framework prevents information being leaked via data inference.

• Journal of KIISE:Databases
• /
• v.29 no.6
• /
• pp.417-428
• /
• 2002

XML(extensible Markup Language) is effective to information retrieval and sharing but has defects related to the data security. And, as a solution of this problem, the current XML security researches such as XML digital signature, XML data encryption, and XML access control exclude the validation property of XML document. The validation of XML should be considered for the secure information sharing in the XML-based environment. In this paper, we design and implement the system to support both security and validation to XML document. Our system performs data encryption and maintenance of valid status of XML document by referencing new XML schema namespace. In addition, it also provides the XML schema security function through the XML schema digital signature. During generating XML schema digital signature, DOMHash method which has the advantage of the faster speed than canonical XML method is applied to XML schema. In conclusion, our system shows the improved functions in flexibility, scalability, and reliability compared with the existing XML security researches.

• The Journal of Korean Association of Computer Education
• /
• v.7 no.4
• /
• pp.61-66
• /
• 2004

Electronic commerce that use Mobile Phone according as the radio Internet develops rapidly and performance of Mobile Phone develops is activated. It is said that electronic commerce that use these Mobile Phone is M-Commerce. Also, the most important controversial point is data security or an user certification technology at these electronic commerce, there are research reactor WPKI and WTLS about this technology. However, when transmit message again after sign electronic documents in Mobile Phone, if do not encrypt, danger exists to be exposed to outside. Therefore, in this paper, designed system to encipher document that handle and handles user certification applying XML electronic sign technique in Mobile environment. Prevent of XML electronic sign in Mobile environment through this paper, and can stave off danger from outside by enciphering electronic sign document.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10c
• /
• pp.706-708
• /
• 2001

인터넷 기술의 비약적인 발전으로 상품 및 서비스 구매나 발주 광고 활동 등 인터넷을 기반으로 행하는 전자상거래가 활발해지면서 대량의 전자문서를 관리하는 효율적인 정보서비스가 요구되어 왔다. 이에 따라 서로 다른 기종간의 효율적인 문서정보 교환을 위한 여러 표준화 작업들이 이루어져 왔는데, 그 중 인터넷 상에서 구조화된 전자문서를 표현하고 처리하기 위한 표준으로 W3C 에서 XML이 발표되었다. 그러나 전자상거래의 활성화로 XML 문서의 전송 중 개인정보 유출에 대한 위협이 있을 수 있는데, 본 논문에서는 특정 부분에 대한 암호화를 지원할 수 있는 XML의 구조적 특징을 이용한 XML 메시지 암호화 전송 기법을 구현하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.5
• /
• pp.53-61
• /
• 2002

In this paper, we will introduce a design of key recovery based on XML can be used in B2B environment. XML Digital Signature and XML Encryption that are defied recently as standards by W3C(World Wide Web Consortium) are deployed to sign/verify or encrypt/decrypt documents for electronic commerce and keys to store/load at/from key recovery server. The result of signature or encryption is always an XML document and all messages used in this key recovery system are also XML documents. It enables to adapt transparently this key recovery system to legacy XML applications and electronic commerce platforms based on XML. And its method for key recovery is key escrow. One of the characteristics of this key recovery is that one enterprise can recover keys of some documents for electronic commerce from external key recovery system in other enterprises related with them and also recover keys from owns.