• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.2
• /
• pp.41-46
• /
• 2016

Fast growth of smartphone technology and advent of Fintech enabled smartphones to deal with more sensitive information. Although many devices applying biometric technology are released as a step for protecting sensitive information securely, there can be potential vulnerabilities if security is not considered at the design stage of a biometric system. By analyzing the potential vulnerabilities, we classify threats in biometric system design process on smartphones and we propose the design requirements for solving these problems. In addition, we propose a framework for secure biometric system design on smartphone by synthesizing the design requirements.

• The Journal of Information Systems
• /
• v.32 no.3
• /
• pp.183-203
• /
• 2023

Purpose The purpose of this study is to examine the current operational status and problems of the Public Warning System (PWS) in China, and to propose feasible solutions to improve the performance and efficiency of the PWS through a comparative analysis with the Cell Broadcast Service (CBS)-based disaster SMS system adopted by other developed countries in the world. Design/methodology/approach In this study, the characteristics of PWS using SMS, applications, and CBS, respectively, are analyzed in detail, and compared and analyzed in terms of convenience, standardization, data security, speed, and location accuracy. In addition, CBS-based PWS in developed countries, such as U.S., E.U., Korea and Japan, were studied and their performance on key criteria was evaluated. Findings Based on the results of the study, the problems of China's PWS are summarized and recommendations are made to improve the PWS through the introduction of CBS technology. To this end, specific improvement measures are proposed in terms of the application of CBS technology, system construction and operation, and improvement of data security. In addition, the comparative analysis of PWSs in other developed countries is conducted to provide reference for the direction of PWS's improvement.

• The KIPS Transactions:PartD
• /
• v.14D no.3 s.113
• /
• pp.303-310
• /
• 2007

Information system failure is various such as program test unpreparedness, physical facilities for damage prevention unpreparedness from simple software error. Although cross is trifling the result causes vast damage. Recently, became difficult by simple outside security system to solve this problem. Now, synthetic countermove establishment and suitable confrontation connected with danger came in necessary visual point about general Information Technology of enterprise. In connection with, in this paper, various informations and system and control about data that can happen information inside and outside considering integrity for IT resource, solubility, confidentiality within organization studied about special quality to model synthetic Risk Management System that can of course and cope in danger.

• The Journal of the Korea Contents Association
• /
• v.9 no.3
• /
• pp.28-38
• /
• 2009

Login process uses both ID and password information to authenticate someone and to permit its access privilege on system. However, an attacker can get those ID and password information by using existing packet sniffing or key logger programs. It cause privacy problem as those information can be used as a hacking and network attack on web server and web e-mail system. Therefore, a more secure and advanced authentication mechanism should be required to enhance the authentication process on existing system. In this paper, we propose a multi-factor authentication process by using software form of secure card system combined with existing ID/Password based login system. Proposed mechanism uses a random number generated from the his/her own handset with biometric information. Therefore, we can provide a one-time password function on web login system to authenticate the user using multi-factor form. Proposed scheme provide enhanced authentication function and security because it is a 'multi-factor authentication mechanism' combined with handset and biometric information on web login system.

• Annual Conference of KIPS
• /
• 2012.11a
• /
• pp.1632-1635
• /
• 2012

연구기관의 연구 활동에 대한 평가는 연구기관에 소속된 연구자들의 논문으로 연구 활동을 분석함으로써 이루어질 수 있다. 논문으로 연구 활동을 분석하여 연구기관에 대한 평가를 하기 위해서는 논문을 작성한 저자의 소속기관이 가장 먼저 식별되어야 한다. 본 논문에서는 국내 과학학술지 논문에 대한 저자의 소속 연구기관을 식별하는 시스템을 구축하여 각 연구기관의 연구 활동에 대하여 분석해 보았다. 이러한 시스템을 기반으로 연구기관별 논문 수, 피인용 횟수, 1회 이상 피인용 된 논문 수 등의 기본 연구 활동을 분석하여 얻은 결과는 연구 기관 평가의 근거로 사용할 있으며, 나아가 특정 분야에서 강세를 보이는 연구기관과 연구기관끼리의 협업 관계를 분석하여 정책에 활용할 수도 있다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.10a
• /
• pp.211-212
• /
• 2014

This paper is to suggest the security requirements for identification and authentication in analysis step. Firstly, individual ID should be uniquely identified. The second element is to apply the length limitations, combination and periodic changes of passwords. The third should require the more reinforced authentication methods besides ID and passwords and satisfy the defined security elements on authentication process.

• Knowledge Management Research
• /
• v.20 no.3
• /
• pp.91-106
• /
• 2019

In the era of the 4th Industrial Revolution, the importance of information protection is increasing day by day with the advent of the 'hyper-connection society', and related government financial investment is also increasing. The source of the government's fiscal investment projects is taxpayers' money. Therefore, the government needs to evaluate the effectiveness and feasibility of the project by comparing the public benefits created by the financial investment projects with the costs required for it. At present, preliminary feasibility study system which evaluates the feasibility of government financial investment projects in Korea has been implemented since 1994, but most of them have been actively carried out only in some fields such as large SOC projects. In this study, we discuss the feasibility evaluation of public projects for the purpose of information security. we introduce the case study of the personal information protection program of Korean public institutions and propose a cost-effectiveness analysis method that can be applied to the feasibility study of the information protection field. Finally, we presented the feasibility study and criteria applicable in the field of information security.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.121-126
• /
• 2018

The development of modern ICT and network technologies has made the business environment smart.and under such circumstances, a great deal of data is being generated, stored and used. The important information that becomes an energy source for corporate management creates economic profit and value and is also utilized as a basis for strong influence. Therefore, important information must ensure its availability and convenience while ensuring confidentiality and integrity, which is the basic objective of information protection. However, most companies are seeing more and more incidents of serious damage due to the leakage of important internal information. In this study, we deal with the Data Loss Prevention (DLP) technologies and solutions to prevent internal information leakage and establish stable data security and information protection management.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.171-180
• /
• 2013

Data security is always an important issue. In particular, the current emerging cloud computing system inevitably raises the issue of data security. However, data security is no longer safe with a simple way, but requires rather advanced method to secure the data. In this paper, instead of exploiting the existing text-based cryptography approach an image-based access control of data content is studied to present a higher level of data security. Color key chain is generated both using histogram value of the original image, and the location information and featured color information extracted by geometric transformation to form the security key to access secure data content. Finally, the paper addresses design interface and implementation for data content access control for evaluation of the proposed scheme.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.1
• /
• pp.210-216
• /
• 2005

In many real-time applications, security is another important requirement, since the secure real time database system maintains sensitive information to be shared by multiple users with different levels of security clearance or to be attacked by hackers with ill will. Encryption policies are necessary for the security of secure real-time database systems in addition to the existing security methods, too. However, there has not been much work for the encryption policies in secure real-time database systems, although sensitive information must be safeguarded in real-time systems as well. In this paper, we propose a encryption manager for the purpose of solving the encryption policies of the secure real-time database systems. What is important in the encryption policies of secure real-time database systems is security and timeliness. A significant feature of the proposed encryption manager is the ability to dynamically adapt a encryption algorithm that consider transaction deadline and security level.