• The KIPS Transactions:PartC
• /
• v.12C no.1 s.97
• /
• pp.1-10
• /
• 2005

Electronic Data Interchange(EDI) between a number of companies goes on increasing on the internet. Although a conventional EDI system reduces business process efforts, time, resources, etc., important information is easily and frequently exposed by well trained hackers and crackers, which inflict a severe loss on the company and even put the company under a crisis. This study integrates the conventional EDI system and Virtual Private Tet(VPN) to maximize an overall efficiency of speed and security in data transferring by the level of importance. The EDI system interfaced to IPSec and L2TP of VPN allows us to select two modes : the one focuses on a high speed with a low or a medium level security or the other does on a high level security with a low or a medium level speed. Both the company and the end users get a lot of tangible and intangible advantages by integrating the EDI system and VPN.

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.219-225
• /
• 2004

There is increasing tension in the Korean Peninsula from the US' putting the NK's nuclear issue along the line of war in Iraq. However, there is worsening in ROK's field exercise condition from decresing defense financial supports, being difficlut to obtain enough space for volumable exercises, and securities and circumstances issues. With acknowleging those problems, CPX(Command Post Exercise), namely war game exercise which is more economical and scientific exercise has earned its attention as the best alternative measure of field exercise war game exercise has already been applyied to independent, joint, and combined exercises. However, the current war game system contains lots of problems in terms of security. Defense network uses dedicated line isolated with internet and secure data through network level encoding. It is vulerable to get attack during war game exercise or from credited network. System security is also subject to reinforced. This research is performed focusing on network and system level securities, and through it, the author will show the effective and optimized security solution for war game system.

• Convergence Security Journal
• /
• v.12 no.3
• /
• pp.107-113
• /
• 2012

Due to the development of communications technology, it is now possible to be offered online from remote places. This kind of communications technology can be applied to the medical field. The medical treatment appointments in hospitals can be its typical example. But still, in most of hospitals, patient or guardian have to physically visit or call to the hospital to set up an appointment for the medical treatment. In addition, they have to wait in line in order to pay after receiving the medical treatment. The patient or guardian, after paying, receive a paper prescription and they go to a nearby pharmacy to take the medicines. They must wait in line again there in order to receive the medicine from the pharmacy. In this paper, we would like to suggest a smart medical treatment system in order to solve the problems discussed above. With this proposed system, the user will be able to make an appointment, make payments and receive medication quickly and easily without spending extra time. Also, there will be no need for paper prescriptions with this system. We discuss about the security of medical information for this proposed smart medical treatment system proposed.

• Convergence Security Journal
• /
• v.21 no.4
• /
• pp.31-39
• /
• 2021

In the R&D of the Defense Weapon System, the evaluation of technical and operational aspects has been developed with the military's own test evaluation system, and organizations and procedures have been established and implemented. However, with the recent advancement of information and communication technology in the private sector, it is often necessary to test-apply it to the field by enhancing the operability and suitability of technologies required for defense before development is complete. This paper investigates and analyzes the process for conducing empirical tests on the latest AI vaccine system R&D prototype organized by the Ministry of Science and ICT which proposes an improved demonstration plan for the existing military information system test evaluation procedure. In addition, under the specificity and security of the defense environment, we would like to present a practical demonstration plan and the improvement of the process for demonstrating the security technology prototype.

• Convergence Security Journal
• /
• v.11 no.3
• /
• pp.85-90
• /
• 2011

JPMP SID Tag is the security senor tag to provides physical information protective function using sensor module, has impossible feature to copy and fake the data which is stored in the tag. So data which is stored in the JPMP SID Tag has authenticity, integrity, originality. Therefore JPMP SID Tag could be applied in the place where the security of data is demanded. This paper propose the system using the JPMP SID Tag to acquire and protect digital evidence where cause investigation of accident is necessary. Also, proposed systems is complement of software security with composition secondary control logic for JPMP SID tag access control.

• Korean Security Journal
• /
• no.9
• /
• pp.237-260
• /
• 2005

Development of IT technology as well as arrival of information-oriented society raise the curtain of 'the era of Ubiquitous Computing', implying accessing computers beyond boundary of time and space. In this era, it is expected that IT paradigms and life-styles would be transformed immensely above the experiences of 20th century. However, improvement of technology summons a new risk of cyber terrorism which have not been in the past. Thus, it is urgent to prepare for the threats in the national level. This paper point out five major threats relating to 'the security in the era of Ubiquitous Computing'. : First, spread of threats in connection with BcN establishment, second, vulnerable information-security for wireless communication, third, leakage of private information, fourth, cyber terror and deterioration of security, fifth, security problems of Korea including the drain of military information and solutions in the views of organization, personnel, technology and budget, comparing with other countries.

• The Journal of Information Technology
• /
• v.1 no.1
• /
• pp.173-188
• /
• 1998

In this paper we discussed various types of electronic payment schemes that are emerging. Threats vary from malicious hackers attempting to crash a system, to threats to data or transaction integrity. An understanding of the various types of threats can assist a security manager in selecting appropriate cost-effective controls to protect valuable information resources. An overview of many of today's common threats presented in this paper will be useful to mangers studying their own threat environments with a view toward developing solutions specific to their organization. To ensure security on the Internet, several methods have been developed and deployed. They include authentication of users and servers, encryption, and data integrity. Transaction security is critical : without it, information transmitted over the Internet is susceptible to fraud and other misuse. So computer systems represents an Intermediary with the potential to access the flow of information between a user. Security is needed to ensure that intermediaries cannot eavesdrop on transactions, or copy/modify data. Online firms must take additional precautions to prevent security breaches. To protect consumer information, they must maintain physical security of their servers and control access to software passwords and private keys. Techniques such as secret and public-key encryption and digital signatures play a crucial role in developing consumer confidence in electronic commerce.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.97-101
• /
• 2007

The purpose of DRM is to protect the copyrights of content providers and to enable only designated users to access digital contents. From the consumers' point of view, they have a tendency to go against complex and confusing limitations. Moreover, consumers' rights of use of the content obtained legally were frequently harmed by arbitrary limitations. The concept of Authorized Domain (AD) was presented to remove such problems. However, the previous work on authorized domain has two problems. The first is that it requires a rather expensive revocation mechanism for withdraw process. The second is that the modules still can play contents which are previously obtained even though they are currently out of the authorized domain. On the contrary, our scheme presents the content from being played by modules which are out of the domain for better security. Furthermore our scheme does not need to maintain a revocation list and prevent replay attack.

• Journal of Digital Convergence
• /
• v.16 no.6
• /
• pp.205-212
• /
• 2018

This Study aims to propose a new information security governance model design method for streamlining security governance at national strategic level. The research method of this study is to diagnose our operational experience and to derive a new model design method. In the meantime, national information security activities were perceived to be focused on knowledge transfer, and motivation of activities and securing of executive power were weak. As a result, security blind spots and frequent occurrence of large security incidents have become unresolved challenges. National cyber security governance should be grouped together as a whole systematically from the upper policy to the lower level of performance under the responsibility of the national leader. Based on this approach, this study presented the comprehensive framework of Korean security governance model and embodied it into four architectural designs such as vision, goal, process, and performance, thus deriving the foundation for future national governance model design. Further research is needed to diagnose problems in life cycle flow, security policies based on environmental changes, and new frameworks in which all subjects participate.

• Journal of Internet Computing and Services
• /
• v.22 no.6
• /
• pp.91-97
• /
• 2021

The United States is responding to evolving cyberattacks through the Commercial Solutions for Classified Program (CSfC). Authorized safety evaluation and certification are being carried out so that US government agencies can quickly introduce civilian commercial security products into the national pavilion. Commercial security products registered in the CSfC process can be used by defense agencies through a rapid approval process. Defense agencies approve commercial security products without duplicate evaluation. Approved security products can reduce the time, cost, and cost of the approval process required to implement the defense information system. In this study, security control for 4 types of network security architecture MSC (Multi-Site Connectivity), MA (Mobile Access), Campus WLAN, and DAR (Data at Rest) proposed by the US National Security Agency (NSA) for introduction to national defense A detailed analysis was performed on the items.