- Volume 9 Issue 3
Login process uses both ID and password information to authenticate someone and to permit its access privilege on system. However, an attacker can get those ID and password information by using existing packet sniffing or key logger programs. It cause privacy problem as those information can be used as a hacking and network attack on web server and web e-mail system. Therefore, a more secure and advanced authentication mechanism should be required to enhance the authentication process on existing system. In this paper, we propose a multi-factor authentication process by using software form of secure card system combined with existing ID/Password based login system. Proposed mechanism uses a random number generated from the his/her own handset with biometric information. Therefore, we can provide a one-time password function on web login system to authenticate the user using multi-factor form. Proposed scheme provide enhanced authentication function and security because it is a 'multi-factor authentication mechanism' combined with handset and biometric information on web login system.
Login;Multi-factor Authentication;Security Card;Biometric Information;Authentication System
- 장혜진, '클라이언트 다운로드 방식의 안전한 로 그인 프로세스의 설계 및 구현', 상명대학교 산업 과학연구소 논문집, Vol.11 No.1, pp.345-348, 2001.
- 서종원, 조제경, 이형우, 'Spam mail 방지를 위한 SMS(Short Message Service) 송신자 인증 방법 에 관한 연구', 2006년도 한국정보보호학회 동계 학술대회, Vol.16, No.2, pp.234-238, 2006.
- M. Stuart, S. Samuil, and S. Shreeraj, '웹해킹 (공격과방어)', 피어슨에듀케이션코리아, 2006.
- 추성호, 제갈명, 박홍성, "일회용 암호를 이용한 국산 암호 인증 시스템", 멀티미디어학술회의 논문집, Vol.5, No.1, pp.127-131, 2002.
- A. K. Jain, A. Ross, and S. Prabhakar, 'ingerprint matching using minutiae and texture features," to appear in the International Conference on Image Processing(ICIP), Greece, 2001(10)
- O. Peter, "Biometric generation of digital keys," Mini Symposium, DMIS-BUTE, 2001
- P. Janbandhu and M. Siyal, "Novel biometric digital signatures for Internet-based applications," Information Management & Computer Security, Vol.9, No.5, pp.205-212, 2001. https://doi.org/10.1108/09685220110408022
- R. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, Vol.21, pp.120-126, 1978. https://doi.org/10.1145/359340.359342
- T. ElGamal, "A Public Key Cryptosystem and a Signature Scheme based on Discrete Logarithms," IEEE Transactions on Information Theory, Vol.IT-30, No.4, pp.469-472, 1985. https://doi.org/10.1109/TIT.1985.1057074
- P. Tuyls and J. Goseling, "Capacity and examples of template-protecting biometric authentication systems," Proceedings of BioAW 2004, Lecture Notes in Computer Science 3087, Springer-Verlag, pp.158-170, 2004.
- X. Boyen, Y. Dodis, J. Katz, R. Ostrovsky, and A. Smith, "Secure remote authentication using biometrics," Advances in Cryptology - EUROCRYPT 2005, Lecture Notes in Computer Science 3494, Springer-Verlag, pp.147-163, 2005.