• Review of KIISC
• /
• v.18 no.5
• /
• pp.73-83
• /
• 2008

본 논문에서는 금융보안 OTP를 이용한 온라인 본인확인 방안을 제안한다. 현재 국내에서 신원확인 방식으로는 공인인 증서론 이용한 전자서명, 휴대폰SMS 발송번호, 신용카드정보 및 금융계좌정보 인증방식을 활용한 본인확인 방식이 사용되고 있다. 하지만, 공인인증서를 이용한 전자서명 방식이외의 방식은 명의도용된 휴대폰을 통한 본인확인과 신용카드 비밀번호 앞2자리 및 금융계좌의 비밀번호 4자리 입력 등 민감한 정보의 노출 위협 등의 문제점이 있다. 본 논문에서는 이와 같은 문제를 금융보안 OTP를 이용하여 안전하게 본인확인할 수 있는 방안을 제안한다. 제안된 방식은 웹사이트 회원가입, 게시판 글쓰기 등 온라인 본인확인이 필요한 경우에 언제든지 이용될 수 있고 아이핀(i-PIN)에서 본인확인 수단으로 도입된다면 개인정보를 보호할 수 있어 활용 가치가 높을 것이다.

• Review of KIISC
• /
• v.7 no.3
• /
• pp.23-38
• /
• 1997

SET은 인터넷과 같은 개방형 통신망에서 안전하고 효율적인 신용카드 기반의 전자 결제를 수행하기 위해 개발된 전자 지불 표준 프로토콜이다. SET을 기반으로하는 전자 지불 시스템은 크게 카드를 소지하고 있는 고객(Cardholder), 상품을 판매하고 대금 결제를 요구하는 상인(Merchant)기존의 은행과 연동하기위한 지불 게이트웨이(Payment gateway)로 구성되며 부가적인 요소로 인증기관(CA)을 포함하고 있다. SET은 고객과 상인, 상인과 은행간의 안전한 거래를 지원하기 위해 여러 가지의 강력한 암호화 알고리즘을 채용하고 있으며 이러한 SET의 보안성은 전자 상거래의 보급에 커다란 기여를 할 것으로 예상된다. 본 논문에서는 기존의 전자 지불 방식을 특성별로 분류하여 그 기능과 구성에 대해 검토하고 SET에서 사용된 보안 기술과 SET을 기반으로 하는 전자지불 시스템의 기능과 특성을 검토·분석한다.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.209-215
• /
• 2020

The environment of the Internet provides an efficient communication of the things which are connected. While internet and online service provide us many valuable benefits, online services offered and accessed remotely through internet also exposes us to many different types of security threats. Most security threats were just related to information leakage and the loss of authentication on client-server environment. In 2016, Ahmed et al. proposed an efficient lightweight remote user authentication protocol. However, Kang et al. show that it's scheme still unstable and inefficient. It cannot resist offline identity guessing attack and cannot provide session key confirmation property. Moreover, there is some risk of biometric information's recognition error. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in device. In addition, our proposed scheme should provide not only security, but also efficiency since we only use hash function and XOR operation.

• Journal of Korea Multimedia Society
• /
• v.10 no.9
• /
• pp.1197-1208
• /
• 2007

These days, most of SMART card, JAVA card, picked up the JAVA Card Platform gets the position as a standard. Java Card technology provides implantation, platform portability and high security function to SMART Card. Compared to normal Smart Card, JAVA card has a defect that is a low running speed caused by a distinctive feature of JAVA programming language. Factors that affect JAVA Card execution speed are the method how to save the data and install the applets of JAVA Card installation instrument. In this paper, I will offer the plan to improve JAVA Card program's loading and execution speed. At Java Card program, writing, updating and deleting process for data at EEPROM can be improved of Java Card speed by using high speed RAM. For this, at JAVA Card as a application of RAM, I will present prefetching LRU-ORL Buffer Cache Technique that is suitable for Java Card environment. As a data character, managing all data created from JAVA Curd at Buffer Cache, decrease times of recording at maximum for EEPROM so that JAVA Card program upload and execution speed will be improved.

• Review of KIISC
• /
• v.10 no.3
• /
• pp.1-12
• /
• 2000

정보보호시스템을 평가하기 위한 기준은 보안기능 요구사항 및 보증요구 사항으로 이루어진다 본고에서는 미국의 TCSEC(Trusted Computer System Evaluation Criteria)과 유럽의 ITSEC(Information Technology Security Evaluation Criteria) 국제표준 (SIO/IEC 15408) 으로 제정된 CC(Common Criteria for Information Technology Secuirty Evaluation)의 보안 기능 요구사항을 비교, 분석하고 국내에서 개발된 침입차단시스템과 침입탐지시스템 평가기준, 현재개발중인 사용자인증용 스마트카드 평가기준의 보안기능 요구사항을 소개한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.285-288
• /
• 2005

유비쿼터스의 대중화가 되고 있는 지금의 보안체제는 너무 취약하다고 볼 수 있다. 공공기관이나 사무 공간에서의 보안은 더욱 필요한 실정이지만 사용자의 가치인식의 부족으로 최소한의 보안도 이루워지지 않고 있다. 현재 시스템에서 정보가 도용되었을 경우 언제, 누가, 어떻게 무엇을 했는지 알 수 없기다 하지만 유비쿼터스 생활속에서 이용되는 RF카드에 있는 정보를 이용하여 최소한의 보안을 지킬 수 있다. 따라서 본 논문에서는 RFID를 이용한 개인 신분 인증을 위한 인증 시스템을 설계하였다.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.281-286
• /
• 2003

Nowadays, a patient's private medical data which is exposed to the outside world has a severe effect on not only the patient's private life but also his/her social activities and environment. So, it is important to securely protect the patient's private medical data from the illegal manipulation. This paper studies the method to store the electronic prescription information in an IC card. For that, an access control for users, such as a doctor, a nurse, a medical institute member, a pharmacy, a pharmacist, or a patient, is proposed to access the data stored in an IC card. The certificate is issued using the Crypto API of a certificate management model supported by Windows 2000. The public/private key is created by the Cryptographic Service Provider program, and the electronic prescription is signed using the digital signature. The proposed system, therefore, can improve the quality of medical services by securing the safety and integrity of the electronic prescription, stored in an IC card.

• Journal of Digital Contents Society
• /
• v.12 no.2
• /
• pp.165-176
• /
• 2011

Recently, digital rights management (DRM) related researches are widely spreading with prosperity of IT industries. The DRM technology protects proprietor of copyright by preventing mischanneling and illegal copy. In this paper, we propose a new DRM model that has an enhanced and efficient protocol based on certificate using smart card. The proposed model overcomes weaknesses of WCDRM model and has following additional advantages: first, copy protection is enhanced by hiding user's specific information from attacker by storing the information within smart card; second, server load for contents encryption is reduced by making clear protocols among author, distributer, certificate authority, and users; third, offline user authentication is guaranteed by combining partial secret values in media players and smart card. Exposure of core information also is minimized by storing them in smart card. In addition, we show that the proposed system is more secure than WCDRM model by comparing various factors of anonymous attackers.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.2
• /
• pp.183-191
• /
• 2011

Recently Wang-Li proposed the remote user authentication scheme using smart cards. But the proposed scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we described the Wang-Li and Yoon et al.'s authentication scheme simply, and we prove that the Wang-Li's scheme is vulnerable to a password guessing attack and impersonation attack in case that the attacker steals the user's smart card and extracts the information in the smart card. Accordingly, we propose the improved user authentication scheme based on the hash function and generalized ElGamal signature scheme that can withstand many possible attacks including a password guessing attack, impersonation attack and replay attack, and that can offer the function of forward secrecy. The result of comparative analysis, the our proposed scheme is much more secure and efficient than the Wang-Li and Yoon et al.'s scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.379-388
• /
• 2020

As the use of credit cards increases, security threats increase. In particular, despite being vulnerable to related crimes, such as fraudulent use of credit cards and theft of names, there are virtually no security procedures to authenticate the validity of user while paying with the credit card. In order to overcome these limitations of current credit card payments, we add a process of signing payment using a stylus pen with built-in acceleration sensor in the existing transaction method, and classifying and comparing the image of the signature and signature information measured by the sensor through the convolutional neural network. we propose a method to improve security in financial transactions by performing the user authentication process through the possession of the stylus pen and the characteristic values of the signature.