Journal of Intelligence and Information Systems (지능정보연구)

Korea Intelligent Information System Society (한국지능정보시스템학회)
권호 표지
DOI QR코드

DOI QR Code

Comparative Analysis of ViSCa Platform-based Mobile Payment Service with other Cases

스마트카드 가상화(ViSCa) 플랫폼 기반 모바일 결제 서비스 제안 및 타 사례와의 비교분석

  • 이준엽 (경희대학교 대학원 경영학과) ;
  • 이경전 (경희대학교 경영대학)
  • Received : 2014.06.16
  • Accepted : 2014.06.23
  • Published : 2014.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

본 연구는 스마트카드 가상화(ViSCa: Virtualization of Smart Cards) 플랫폼 기반의 모바일 결제 서비스를 제안하고 타 사례와 비교분석을 한다. 스마트카드 가상화 플랫폼 기반의 모바일 결제 서비스는 단말 가상화 기술을 이용하여 스마트카드 하드웨어를 가상화하고, 모바일 클라우드 기술을 통해 가상화된 스마트카드에 대한 통합 관리를 목표로 하는 Smart Cards as a Service (이하 SCaaS)이다. 스마트카드 가상화 플랫폼 기반 모바일 결제 서비스는 스마트카드를 가상화하여 클라우드에 저장한 후, 애플리케이션(이하 앱)을 통해 사용자 인증을 거쳐 모바일 클라우드에 저장된 스마트카드 중 한 가지를 선택하여 결제한다. 연구 범위 설정 및 사례 선정을 위해 선행연구에서 진행한 모바일 결제 서비스 분류 방식을 토대로 제안하는 서비스와 관련 있는 특징별, 서비스 유형별 그룹을 도출하였다. 공통적으로 기존 결제수단(신용카드) 정보를 모바일 기기에 저장하여 오프라인 매장에서 결제하는 특징을 지닌 것으로 나타났다. 도출된 그룹은 금융거래정보의 저장 위치에 따라 앱과 연결된 서버에 저장하는 '앱 방식'과 모바일 기기 내부의 보안요소(Secure Element, SE)에 금융거래정보가 담긴 IC(Integrated Circuit, 집적회로) 칩을 탑재하는 '모바일 카드 방식'으로, 2 가지 서비스 유형으로 나타낼 수 있다. 모바일 결제 서비스의 채택 요인 및 시장 환경 분석과 관련된 선행연구를 토대로 경제성, 범용성 보안성, 편리성, 응용성, 효율성, 총 6가지 비교분석을 위한 평가 요인을 도출하였으며, 스마트카드 가상화 플랫폼 기반 모바일 결제 서비스와 도출된 그룹에서 선정된 사례 5 가지를 비교 분석하였다.

Keywords

References

  1. Armbrust, M., A. Fox, R. Griffith, A. D. Joseph, R. Katz, A Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, M. Zaharia, "A view of cloud computing," Communications of The ACM, Vol.53, No.4, (2010).
  2. Bae, D. H., and C. J. Kim, "A Secure SMS Self-Authentication Method in Mobile Networks," Internet and Information Security, Vol.1, No.2, (2010), 24-41.
  3. Cearly, D., Top 10 Strategic Technology Trends for 2014, Gartner, 2013. Available at http://www.gartner.com/technology/research/top-10-technology-trends/?fnl=search&srcId=1-3478922254
  4. Choi, P. J., S. S. Park, and D. G. Kim, "Mobile Payment & Biometrics Convergence Technology Trends," Korea Institute of Information Security & Cryptology, Vol.22, No.4, (2012), 21-28.
  5. Dahlberg, T. and N. Mallat, "Mobile payment service development-managerial implications of consumer value perceptions," Proceeding of 10th European conference on Information Systems, (2002), 649-657.
  6. Dahlberg, T., N. Mallat, J. Ondrus and A. Zmijewska, "Past, present and future of mobile payments research: A literature review," Electronic Commerce Research and Applications, Vol.7, No.2, (2008), 165-181. https://doi.org/10.1016/j.elerap.2007.02.001
  7. Finnin, H., "Second Major security flaw found in Google Wallet....Rooted or not No One is safe," The Smartphone Champ, (2012.02.09.) Available at http://thesmartphonechamp.com/second-majorsecurity-flaw-found-in-google-wallet-rooted-or-not-no-one-is-safe-video/
  8. Insight Report: Investors in Cards and Payments, Timetric, 2014. Available at http://marketreportsstore.com/insight-report-investors-in-cards-and-payments/
  9. Janessa, R., Gartner Says Worldwide Mobile Payment Transaction Value to Surpass $235 Billion in 2013, Gartner, 2013.06.04. Available at: http://www.gartner.com/newsroom/id/2504915
  10. Jang, S. H., J. H. Lee, G. Y. Seung, and J. M. Oh, M-Payment: All about Mobile Payments, Cloud Nine, 2014
  11. Jo, H. K., Security Threats around the Mobile Card, AsiaToday, 2014.05.12. Available at http://www.asiatoday.co.kr/view.php?key=20140512010003357
  12. Joo, J. H., "An Analysis of Success Factors Important to Electronic Payment Systems Considering the Electronic Commerce Environment over the Internet in Korea," Asia Pacific Journal of Information Systems, Vol.9, No.1, (1999), 77-98.
  13. Kang, H. C., "Financial 마이크로SD-based Mobile Payment Service," The Institute of Electronics and Information Engineers, Vol.40, No.8, (2013), 55-63.
  14. Kang, W. J., "Latest Authentication Technology Trends and Prospects," Financial Security Association (FSA) Investigation Report, 2011.
  15. Kim, D. K., J. S. Park, and S. G. Lee, "Analysis on the Reception Intention of Mobile Payment Service Based on User's Type:Focused on Card-based Solution and Card less-based Solution," Proceedings of the The Korea Society of Management Information Systems, (2003), 553-559.
  16. Kim, H., J. H. Huh, and Anderson R. "On the Security of Internet Banking in South Korea," Dept. of Com-puter Science, Oxford Univ., 2010.
  17. Kim, T. H., Y.-r. Kang, "Mobile Payment Trends and Discussion of Implication for Service Activation," Korea Association for Telecommunication Polices, Vol.22, No.18, (2010), 1-36.
  18. Kim, T. H., Threat of Mobile Payment Security in Chaina, Boannews, 2014.05.01. Available at http://www.boannews.com/media/view.asp?idx=40843&kind=0
  19. Krueger, M., "The Future of M-payment: Business Options and Policy Issues," Electronic Payment Systems Observatory (ePSO), Background Paper No.2, (2001)
  20. Lee, K. J., M. H. Choi, and S. H. Kwon, "Current Status and Future of Mobile Payment Business Models," Korea Payment & Settlement Association, Vol.5, No.2, (2011), 63-83.
  21. Lee, S. H., H. Kim, and D. H. Lee, "Two-Factor Authentication Scheme based on Mobile Messenger with Improved Usability," Journal of Security Engineering, Vol.10, No.5, (2013), 549-566. https://doi.org/10.14257/jse.2013.10.5.02
  22. Min, C. H., and W. S. Ko, "The Empirical Research on Mobile Payment Commonplace Characteristics from the Recognition of Mobile Security Services," Korea Academic Society of e-Business, Vol.6, No.2, (2005), 43-53.
  23. Park, A.-r., and K. J. Lee, "Case study on Critical Success factor of noble payment service," Proceedings of the The Korea Society of Management Information Systems, (2013), 591-605.
  24. Seung, J. M., Y. T. Kim, Y. H. Jin, T. H. Kim, and J. H. Sa, "Investigation Report on Overseas Internet Banking Security Condition," Financial Security Association (FSA) Investigation Report, 2010.

Cited by

  1. 모바일 대중교통 정보서비스 어플리케이션 이용성 평가에 관한 연구: 서울 대중교통 모바일 앱을 대상으로 vol.33, pp.4, 2014, https://doi.org/10.3743/kosim.2016.33.4.225
  2. 핀테크 지급결제 서비스 수용 저항요인 연구 : 혁신저항이론과 현상유지편향이론을 중심으로 vol.27, pp.1, 2014, https://doi.org/10.5859/kais.2018.27.1.133