DOI QR코드

DOI QR Code

Automatic Client Authentication Method in All-In-One Services

올인원 서비스에서 자동적인 고객 인증 기법

  • Kim, Namyun (Dept. of Information System Engineering, Hansung University)
  • 김남윤 (한성대학교 정보시스템공학과)
  • Received : 2015.11.14
  • Accepted : 2016.02.05
  • Published : 2016.02.29

Abstract

The all-in-one service, for example, mobile wallet enables users to have credit card, membership card, and coupon in one place. It has been one of important o2o services with offline payment. In order to take advantage of mobile commerce, it is necessary to authenticate clients automatically without entering their passwords. This paper proposes an automatic client authentication method in all-in-one service. At registration, clients receives and stores an authentication ticket from a company, which contains an user's identifier and password encrypted by company's symmetric key. Client can be authenticated by transferring authentication tickets to companies at service requests.

최근 신용 카드, 멤버쉽 카드, 쿠폰 등을 모아서 관리할 수 있는 올인원 서비스가 활성화되고 있다. 특히 오프라인 결제와 연계하여 O2O(Online to Offline)의 핵심 서비스로 등장하고 있다. 이러한 기업과의 모바일 상거래를 위해서는 고객의 인증 작업을 거쳐야 하는데, 고객이 기업별로 아이디/패스워드를 저장하거나 입력하는 작업은 매우 번거롭다. 따라서 본 논문에서는 올인원 서비스에서 자동적으로 고객을 인증하는 기법을 제안한다. 회원 등록시 고객은 기업으로부터 인증 티켓을 수신한 후, 단말기에 저장한다. 인증 티켓에는 고객의 아이디와 패스워드가 기업용 대칭 키로 암호화되어 있으며 서비스 요청시 인증 티켓을 전달함으로써 자동적으로 인증 절차가 이루어진다.

Keywords

References

  1. Byung-Rae Cha1, Sang-Hun Lee, Soo-Bong Park, Gun-Ki Lee, and Yoo-Kang, "Prototype Design of Mobile Micro-payment to Enhance Security by 2 Factor Authentication," International Journal of Security and Its Applications, Vol. 9, No. 8 2015.
  2. Jung-Oh Park, Byung-Wook Jin, "A Study on Authentication Method for Secure Payment in Fintech Environment," The Journal of IIBC, Vol. 15, No. 4, 2015.
  3. Susan Pandy, "Current Perspectives on the Mobile Wallet Evolution," Mobile Payments Industry Workgroup (MPIW), April 9-10, 2015.
  4. Sreekanth Malladi, Jim Alves-Foss, Robert B. Heckendorn, "On Preventing Replay Attacks on Security Protocols," Proc. International Conference on Security and Management, 2002.
  5. Mohammed A. Alnatheer, "Secure Socket Layer (SSL) Impact on Web Server Performance," Journal of Advances in Computer Networks, Vol. 2, No. 3, September 2014.
  6. S. Pavithra, Mrs. E. Ramadevi, "Study and Performance Analysis of Cryptography Algorithms," International Journal of Advanced Research in Computer Engineering & Technology, Volume 1, Issue 5, July 2012.
  7. Shanta, Jyoti Vashishtha, "Evaluating the Performance of Symmetric Key Algorithms: AES(Advanced Encryption Standard) and DES(Data Encryption Standard)," International Journal of Computational Engineering & Management, Vol. 15, Issue 4, July 2012.
  8. R. L. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public key cryptosystems," Communications of the ACM, 21:120-126, 1978. https://doi.org/10.1145/359340.359342