• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.4 no.3
• /
• pp.182-188
• /
• 2011

Recently Yoon et al. proposed the remote user authentication scheme using smart cards. But their scheme has not satisfied security requirements which should be considered in the user authentication scheme using the password based smart card. In this paper, we prove that Yoon et al.'s scheme is vulnerable to a password guessing attack in case that the attacker steals the user's smart card and extracts the information from the smart card. Accordingly, this paper proposes the improved user authentication scheme based on the hash functin and random nonce that can withstand various possible attacks including a password guessing attack. The result of comparative analysis demonstrates that the proposed scheme is more secure and efficient than Yoon et al.'s scheme, with a trivial trade-off to require just a few more exclusive-OR operations.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.05a
• /
• pp.435-438
• /
• 2003

The MS card data transfer system using blue-tooth protocol ran communicate the MS card data wirelessly and does not take an extra communication expense which is a weakness point of existing wireless communication system. This Blue-tooth system, which has excellent security and no extra communication expense, can efficiently communicate data of the place ,where can be solved with small scale wireless network, such as the theme-park or gasoline-station. Existing wireless communication system compose network using wireless-LAN protocol which has extra communication expense, or with RF protocol which has poor security. But this system suitable for LAN because it has not extra communication expense and it has excellent security cause frequency-hopping of Blue-tooth protocol. The MS card data transfer system using blue-tooth protocol has low power, high performance RISC processor and large scale 16-gray graphic LCD which is suitable for portable unit. The MS card data transfer system can efficiently control depot for a long time because it has low power, excellent security and no extra communication expense.

• Journal of Digital Convergence
• /
• v.16 no.10
• /
• pp.235-241
• /
• 2018

The printout management system should analyze the pattern of existence of personal information (resident number, card number) in the output log and users should be provided with functions such as warning message pop-up, forced printing termination, mailing to administrator, independently logs management. Authentication management can also be performed only by registered users by installing an agent on a user PC, and it should have a restriction function to permit or deny work according to user information. In addition, when printing/copying/scanning using this equipment, it is possible to use document printing and multifunction copier after ID card authentication and ID/PW should be input to device when ID card is not used. In this study, we developed these interfaces with WOWSOFT co., Ltd, a security company that has better technology than the existing printout security methods, to construct the printout management system. Also we designed the interface of basic functions necessary for printout management and contributed to the establishment of printout management system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.1
• /
• pp.902-905
• /
• 2005

In this paper we challenge the mobile node Authentication using Java Card authentication protocol in Ad-hoc network environment. Ad-hoc network is a collection of wireless mobile nodes without the support of a stationary infrastructure. and DSR routing protocol, which is one of famous mobile ad-hoc rooting protocols, has the following network path problem. this paper is the security structure that defined in a mobile network and security and watches all kinds of password related technology related to the existing authentication system. It looks up weakness point on security with a problem on the design that uses Ad-hoc based structure and transmission hierarchical security back of a mobile network, and a server-client holds for user authentication of an application level all and all, and it provides one counterproposal. Java Card Authentication of mobile node can possibly be applied to the area of M-Commerce, Wireless Security, and Ubiquitous Computing and so on.

• Journal of Internet Computing and Services
• /
• v.15 no.2
• /
• pp.129-142
• /
• 2014

Latest in Smart Grid projects are emerging as the biggest issue that smart meter should meet the security goal and the SW upgrade for compliance with future standard. However, unlike regular equipment, Smart meters should be designed in accordance with the regulation of legal metrology instrument in order to establish a fair trade-based business and unauthorized changes, it is not allowed and it is strictly limited by law. Therefore, this paper propose a new scheme of certification regarding type approval and verification for legal smart meter as analyzing the requirements of a smart meter regarding upgrade and security. This analysis shows that the proposed scheme comply with the regulation and the specification of smart meter by applying it to smart meter with smart card.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.10a
• /
• pp.351-354
• /
• 2009

In the internet communication technology, authentication of the user is main task. So far, very popular researches have been proposed for user authentications based on user_id and password. These existing methods have some merits as well as demerits also. In this paper, we analyzed the existing authentication method problems and implement a secure PingPong-128 based key generator for internet technology. In our new scheme, we are using one time password and security card numbers to generate the secure tokens for the user and internet service provider.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.81-89
• /
• 2003

With the rapid development of information and communication technology, online dissemination increases rapidly. So, It becomes more important to protect information. Recently the authentication system using public key infrastructure (PKI) is being utilized as an information protection infrastructure for electronic business transactions. And the smartcard system makes the most use of such an infrastructure. But because the certification based on the current PKI provides oかy basic user certification information, the use has to be limited in various application services that need the identification and authorization information as well as face-to-face information of the user. In order to protect a system from various kinds backings and related treats, we have proposed angular and private key multiplexing for prevention of smartcard forgery and alteration based on a photopolymer cryptosystem. When smartcard becomes prone to forgery and alteration, we should be able to verify it. Also, our parer proposes a new authentication system using multi authentication based on PKI. The smartcard has an excellent advantage in security and moving.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.10c
• /
• pp.198-200
• /
• 2000

IMP-2000은 다양한 이동전화 시스템의 규격을 통일하여 세계 어느 곳에서도 하나의 단말기 또는 사용자 접속 카드로 서비스를 이용할 수 있도록 하는 글로벌 멀티미디어 서비스이다. 본 논문은 IMP-2000의 어플리케이션중 범용 개인 통신 서비스인 UPT 서비스의 정보 보안 방법을 모색하여 본다. 과금 서비스인 UPT 서비스는 malicious person의 공격에 의한 금전적 손실을 차단하기 위하여 가입자 인증 정보의 보안이 필요하다. 본 논문에서는 ATM 교환기를 사용하는 IMP-2000 시스템에서 지능망 프로토콜로 메시지를 주고받는 UPT 서비스 시나리오 및 공격 시나리오를 분석하고, RSA 암호 기법을 적용한다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1992.11a
• /
• pp.211-224
• /
• 1992

컴퓨터의 이용이 대중화되면서 PC의 확대보급으로 데이타 보안의 필요성이 강조되고 있어 본 논문에서는 PC보안의 필요성을 인식하고 PC에서의 처리, 운용되는 자료들을 보호하기 위해서 패스워드 인증, 파일 속성 변경, DES암호 알고리즘을 이용한 파일 암호화 제어, 시스템 액세스 사용자 기록 등의 기능을 적용한 PC보안시스템을 설계 및 구현하였다. 특히 키 관리에 있어서는 인증을 위한 사용자_ID와 파일 암호화키를 사용자 패스워드로 재암호화 시켜 IC카드 대신 플로피 디스켓트에 저장 보관시키고 사용자 패스워드는 사용자 자신이 직접 보관하게 하는 혼용방법을 사용하였다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2015.07a
• /
• pp.283-284
• /
• 2015

본 논문에서는 기존 인증체계의 문제점을 살펴보고 이를 개선하기 위한 방안을 제안한다. 현재 국내에서 금융관련 서비스에서 공인인증서를 사용하는 서비스가 대부분이나 실용성 및 보안 문제로 인해 최근 정부에서는 공인인증서 사용 의무제도를 폐지하기에 이르렀지만 현재 공인인증서를 대체할만한 안전한 수단을 확보하지 못했고 기존의 OTP나 보안카드로 공인인증서의 공백을 메우기에는 역부족이다. 따라서 공인인증서를 대체할 수 있는 인증방안에 대해 제안하고 이를 통해 보다 안전한 인터넷 전자상거래를 유도하고자 한다.