DOI QR코드

DOI QR Code

Technology Trends, Research and Design of AIM Framework for Authentication Information Management

인증 정보 관리를 위한 기술 동향과 AIM 프레임워크 연구 및 설계

  • Kim, Hyun-Joong (Gwangju Institute for Regional Program Evaluation) ;
  • Cha, Byung-Rae (School of Electrical Engineering and Computer Science, GIST) ;
  • Pan, Sung-Bum (Dept. of Electronics Engineering, Gawangju Chosun Univ.)
  • Received : 2016.06.01
  • Accepted : 2016.07.20
  • Published : 2016.07.28

Abstract

With mobile-epoch and emerging of Fin-tech, Bio-recognition technology utilizing bio-information in secure method has spread. Specially, In order to change convenient payment services and transportation cards, the combination of biometrics and mobile services are being expanded. The basic concept of authentication such as access control, IA&A, OpenID, OAuth 1.0a, SSO, and Biometrics techniques are investigated, and the protocol stack for security API platform, FIDO, SCIM, OAuth 2.0, JSON Identity Suite, Keystone of OpenStack, Cloud-based SSO, and AIM Agent are described detailed in aspect of application of AIM. The authentication technology in domestic and foreign will accelerate technology development and research of standardization centered in the federated FIDO Universal Authentication Framework(UAF) and Universal 2 Factor Framework(U2F). To accommodate the changing needs of the social computing paradigm recently in this paper, the trends of various authentication technology, and design and function of AIM framework was defined.

Keywords

Certificate information management;FIDO;AIM framework;Bio-recognition;FinTech

Acknowledgement

Grant : 웹 서비스 사용자 계정 정보 관리 및 유출/악용 탐지 기술 개발

Supported by : 정보통신기술진흥센터

References

  1. Jeong-Min Ryu, Yong-Mo Seo, Han-Jin Cho, "A Study on Business Model of Fintech - Focus on the Business model canvas," Journal of Digital Convergence, v.14, no.3, pp.191-196, March 2016. https://doi.org/10.14400/JDC.2016.14.2.191
  2. Jin-Hee Han, So-Hyun Jae, Bo-Hyun Kim, Jee-Sun Park, "Effects of Consumer Trust and Perceived Usefulness on Mobile Payments and Online Shopping Website Loyalty," Journal of Digital Convergence, v.13, no.12, pp.75-87, Dec. 2015.
  3. Soonduck Yoo, Gijung Nam, "e-MP service activation research to support SME financial settlement," Journal of Digital Convergence, v.11, no.12, 61-67, Dec. 2013. https://doi.org/10.14400/JDPM.2013.11.12.61
  4. Kwang-Jae Lee, Keun-Ho Lee, "Authentication Scheme using Biometrics in Intelligent Vehicle Network," Journal of the Korea Convergence Society, v.4, no. 3, pp. 15-20, 2013.
  5. Chung-Geon Song, Keun-Ho Lee, "Design of Authentication System using Biometrics for U-Healthcare Environment in M2M", Journal of the Korea Convergence Society, v.3, no.2, pp. 13-17, 2012.
  6. Chung-GeonSong, Keun-HoLee, "A Study on Safe Identification Card Using Fingerprint Recognition and Encrypted QR," Journal of Digital Convergence, v.12, no.6, 317-323, June 2014.
  7. Dong-Ryool Kim, "Secure One-Time Password Authentication in Mobile Environments," Journal of Digital Convergence, v.11, no.12, 423-430, Dec. 2013. https://doi.org/10.14400/JDPM.2013.11.12.423
  8. Hong SeungPyo, at el. "ICT Brief 2016-02, Institute for Information & Communications Technology Promotion," pp.45, March 2016.
  9. FIDO Alliance, https://fidoalliance.org/
  10. Ed Tittel, at el. "CISSP: Certified Information Systems Security Professional Study Guide," SYBEC, 2004.
  11. OpenID, https://en.wikipedia.org/wiki/OpenID, 2016
  12. OAuth, http://earlybird.kr/1584, 2016
  13. SSO, http://kcats.tistory.com/68, 2016
  14. Yeun-Dek Chung, "Effective Utilization and Problems of Biometrics," Intellectual Property 21, 2004.
  15. Hyung-Jin Mun, Kun-Hee Han, "A Study on Design for Efficient Personal Policy of Service based RBAC," Journal of Digital Convergence, v.14, no.2, pp.191-196, Feb. 2016. https://doi.org/10.14400/JDC.2016.14.2.191
  16. API Security: Deep Dive into OAuth and OpenID Connect, http://nordicapis.com/api-security-oauth-openid-connect-depth, 2016
  17. SCIM, https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management, 2016
  18. kerberos, https://en.wikipedia.org/wiki/Kerberos_(protocol), 2016
  19. x.509, https://en.wikipedia.org/wiki/X.509, 2016
  20. SAML 2.0, https://en.wikipedia.org/wiki/SAML_2.0, 2016
  21. Michael B. Jones, "Identity Management," ISQ (Information Standards Quarterly), Vol. 26, Issue 3, Fall 2014.
  22. OpenStack, https://www.openstack.org, 2016
  23. Keystone, http://docs.openstack.org/developer/keystone, 2016.
  24. Thomas E., Zaigham M., and Ricardo P., "Cloud Computing. Concepts, Technology & Architecture," Prentice Hall/PearsonPTR, ISBN: 9780133387520, 2014.
  25. Yun Sang Byun, Jin Kwak, "A Study on Integration Security Management Model in Cloud Environment," Journal of Digital Convergence, v.11, no.12, 407-415, Dec. 2013. https://doi.org/10.14400/JDPM.2013.11.12.407