Jungsoo Park

A secure patient information transfer method through delegated authorization

Malfunctioning or stopping of IoT equipment caused by failure to apply the security module can be fatal enough to threaten peoples lives. This study suggests a model to transmit and manage patients health and medical information safely through authorization in the IoT environment. Different with preceding studies that focus on saving patient information on the servers or improving access control, the proposed model considers threats related to process of patent information with efficiency. This study introduces a model where patients authorize representatives, who will be authenticated by hospitals, to transfer information to other hospitals safely for security, practicality, and efficiency. Patient information security transferred among hospitals via a delegated user trusted by the patient using an access token issued by Token Repository. The advantage of this model is that it does not allow staff members or hospitals to collect information without patients consent and thus reduces the risk of leaking patients sensitive personal information to other places as the Token Repository saves nothing but the Access Token.

IAM Architecture and Access Token Transmission Protocol in Inter-Cloud Environment

With the adoption of cloud computing, the number of companies that take advantage of cloud computing has increased. Additionally, various of existing service providers have moved their service onto the cloud and provided user with various cloud-based service. The management of user authentication and authorization in cloud-based service technology has become an important issue. This paper introduce a new technique for providing authentication and authorization with other inter-cloud IAM (Identity and Access Management). It is an essential and easy method for data sharing and communication between other cloud users. The proposed system uses the credentials of a user that has already joined an organization who would like to use other cloud services. When users of a cloud provider try to obtain access to the data of another cloud provider, part of credentials from IAM server will be forwarded to the cloud provider. Before the transaction, Access Agreement must be set for granting access to the resource of other Organization. a user can access the resource of other organization based on the control access configuration of the system. Using the above method, we could provide an effective and secure authentication system on the cloud.

Privacy enhancement using selective encryption scheme in data outsourcing

In this article, we introduce a practical scheme that dynamically secures and outsources data on demand as well as propose a corresponding architecture to securely process data in database service provider. We also adopt the application of bring your own device in this scheme as an enhanced security solution. After studying over 1300 database models, we expect this scheme can be applied in production with justifiable result.

A Study of OAuth 2.0 Risk Notification and Token Revocation from Resource Server

OAuth was created to simplify authentication procedure. OAuth is a protocol that allows access to the users assets in 3rd party web sites or applications without exposing the users identity and credential. OAuth can be used to grant the access rights for the user without exposing the users information to third parties. By utilizing the Token issued by the Authorization Server, client is able to gain access to the resources in the Resource Server. However, in current standards, the restrictions of token usage are not clearly defined. Although it specified Token expiration time, in reality, malicious client can reuse the Token to access Resource server. The existing Token Revocation operation has been carried out in a way that the client performs Revocation by requesting to the Authorization Server when special cases occur such as logout or identity change by resource owner. The revocation does not happen for the case that malicious code targets the Resource Server. This paper proposes a method for revoking the Token by requesting Revocation when the Resource Server performs abnormal behaviors by using Token.

Privacy enhancement for data outsourcing

The demand of storing and processing data online grows quickly to adapt to the rapid change of business. It could lead to crisis if the cloud service provider is compromised and data of users are exposed to attackers in plaintext. In this paper, we introduce a practical scheme that dynamically protects and outsources data on demand, as well as propose a corresponding architecture to securely process data in Database Service Provider. After studying over 1300 database models, we believe this scheme can be applied in production with justifiable result.