• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.4
• /
• pp.855-863
• /
• 2015

In this paper, we present a novel method to verify the financial site and prevent sensitive information disclosure with financial security card and smart phone. This method allows homepage access when user accesses to the valid site with right security card and smart phone. Furthermore, traditional OTP method cannot be secure against to Man in the middle attack, but out method presents the countermeasure of this. User can readily recognize the phishing and pharming sites and even avoid Man in the middle attack by malicious users.

• The Journal of Society for e-Business Studies
• /
• v.12 no.1
• /
• pp.89-97
• /
• 2007

Recently, a large number of authentication schemes based on smart cards have been proposed, using the thinking of OTP (one-time password) to withstand replay attack. Unfortunately, if these schemes implement on PCs instead of smart cards, most of themcannot withstand impersonation attack and Stolen-Verifier attack since the data on PCs is easy to read and steal. In this paper, a secure authentication scheme based on a security key and a renewable token is proposed to implement on PCs. A comparison with other schemes demonstrates the proposed scheme has following merits: (1) Withstanding Stolen-Verifier attack (2) Withstanding Impersonation attack (3) Providing mutual authentication; (4) Easy to construct secure session keys.

• The Journal of Society for e-Business Studies
• /
• v.17 no.4
• /
• pp.1-16
• /
• 2012

Shieh and Wang [10] recently proposed an efficient mutual authentication scheme that combined the cost-effectiveness of operations of Lee et al. [6]. scheme and the security and key agreement of Chen and Yeh scheme. Shieh and Wang [10] scheme, however, does not satisfy the security requirements against a third party (the man-in the middle, attacker) that have to be considered in remote user authentication scheme using password-based smart cards. Shieh and Wang weaknesses are the inappropriateness that it cannot verify the forged message in 3-way handshaking mutual authentication, and the vulnerability that the system (server) secret key can easily be exposed. This paper investigates the problems of Shieh and Wang scheme in the verification procedure of the forged messages intercepted by the eavesdrop. An enhanced two-way remote user authentication scheme is proposed that is safe and strong against multiple attacks by adding the ability to perform integrity check on the server and proposed scheme is not expose user password information and the system's confidential information.

• The Journal of Society for e-Business Studies
• /
• v.18 no.2
• /
• pp.81-93
• /
• 2013

Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an common communication channel. Currently, smart card based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the mutual authentication. 2009 years, Wang et al.'s proposed a dynamic ID-based remote user authentication schemes using smart cards. They presented that their scheme preserves anonymity of user, has the feature of storing password chosen by the server, and protected from several attacks. However, in this paper, I point out that Wang et al.'s scheme has practical vulnerability. I found that their scheme does not provide anonymity of a user during authentication. In addition, the user does not have the right to choose a password. And his scheme is vulnerable to limited replay attacks. In particular, the parameter y to be delivered to the user is ambiguous. To overcome these security faults, I propose an enhanced authentication scheme, which covers all the identified weakness of Wang et al.'s scheme and an efficient user authentication scheme that preserve perfect anonymity to both the outsider and remote server.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.349-351
• /
• 2005

스마트 카드 보급의 확산과 더불어 CEPS(Common Electronic Purse Specification) 전자지갑 규제 표준을 기반으로 한 전자상거래 서비스의 개발이 활성화 되고 있다. 전자상거래 프로토콜은 그 특성상, 소비자와 상인간의 정확한 물품 거래가 이루어져야 할 뿐만 아니라, 문제 발생시 상호간의 원인규명을 판단하기 위한 기준이 마련되어 있어야 한다. 본 논문에서는 CSP 언어를 이용하여 CEPS 기반 전자상거래 프로토콜의 행위를 정형 명세하였고, FDR 도구를 이용하여 전자상거래 관점에서 문제점을 분석해 보았다.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.2 no.2 s.3
• /
• pp.73-84
• /
• 2003

Due to the problems of existing prepaid plastic card issued by Korea Highway Company, the prepaid electronic payment system using a smart card, called HipassPLUS Card, was developed to overcome the Problems. PSAM is one of the main component of the systea which can retrieve the value from HipassPLUS card, transmit the transaction data to CSAM, and store the accumulated account lists. For the safety of the elecoonic payment system, the functions of PSAM should be faultless. This paper developed a test module including the test method, the test checklist, and the test procedure. The test module examines the functionality and security of the payment mechanism to insure that the value stored in HipassPLUS card can be raid to PSAM by the merchants and the standardized SAM. The test module also inspects the transmission mechanism to send and store the transaction data kom PShM to CSAM correctly and safely. Ihe module is designed to test the standard items using the test checklists for PSAM. The test items and the test checklists of PShM was selected under the provision of the specification of Korea Highway Company and ISO standard. Ihe evaluation on PSAM using the test module indicates that PSAM satisfies the evaluation criteria on the quality characteristics of the functionality, security, and compatibility.

• Journal of KIISE:Computing Practices and Letters
• /
• v.8 no.1
• /
• pp.82-87
• /
• 2002

In the rapidly growing e-business area, the protection of information from hacking or tapping becomes very serious issue. Therefore, the more effective, convenient and secure methods are required to make the e-business more active. in this study, we develop the effective method of protecting digital contents on the public key infrastructure. To do this, we propose the partial encryption scheme to reduce the encryption time, and therefore, to release the server's workload. Our suggested scheme is believed to bring the strong competition to the portal service agents.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.5 no.7
• /
• pp.1204-1209
• /
• 2001

According to the rapid development of information and communication, various services are offered using information and communication infrastructure for example e-commerce, internet banking, stock dealings, etc. This time, the most important problem is personal identification. But now secret number that is used to personal identification mostly can be misappropriated. To solve this problem, this paper proposes smart card identification system using 1 vs. 1 fingerprint matching. Information protection and security of smart card excel and use is convenient. And fingerprint becomes the focus of public attention in biometric field. Implemented system in this paper is based on PC. This system stores minutia that is fingerprint information into smart card and compare it with personal minutia. Therefore this system is sure to be on personal identification. If this system is applied to various services, safety degree of services will be enhanced.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.10a
• /
• pp.517-520
• /
• 2001

According to the rapid development of information and communication, various services are offered using information and communication infrastructure for example e-commerce, internet banking stork dealings, etc. This time, the most important problem is personal identification. But now secret number that is used to personal identification mostly can be misappropriated. To solve this problem, this paper proposes smart card identification system using 1 vs. 1 fingerprint matching. Information protection and security of smart card excel and use is convenient. And fingerprint becomes the focus of public attention in biometric field. Implemented system in this paper is based on PC. This system stores minutia that is fingerprint information into smart card and compare it with personal minutia. Therefore this system is sure to be on personal identification. If this system is applied to various services, safety degree of services will be enhanced.

• Review of KIISC
• /
• v.12 no.3
• /
• pp.48-56
• /
• 2002

전자상거래의 트래픽이 엄청나게 증가하고 많은 사용자들이 안전한 온라인 거래를 요구함에 따라 고속 암호연산 프로세서의 필요성은 증대되고 있다. 고속 암호연산 프로세서란 복잡한 연산이 많은 암호방식의 연산 속도를 가속시키기 위한 보조프로세서이다. 본 고에서는 암호 사업분야 중 고속 암호연산 프로세서의 필요성을 알아보고 국내·외제품들을 분류한 뒤 프로세서들의 기능, 성능비교 및 안전성을 위주로 조사·분석하였다. 또한 고속 암호연산 프로세서의 전망 및 발전방향을 알아보고 프로세서가 사용되는 SSL가속기, IPSec가속기, HSM, 스마트카드 제품들의 성능을 위주로 소개하기로 한다.