• Review of KIISC
• /
• v.29 no.4
• /
• pp.29-34
• /
• 2019

바이오인식기술은 사람의 지문 얼굴 홍채 정맥 등 신체적 특징(Physiological characteristics) 또는 음성 서명 자판 걸음걸이 등 행동적 특징(Behavioral characteristics)을 자동화된 IT 기술로 추출 저장하여 다양한 IT 기기로 개인의 신원을 확인하는 사용자 인증기술이다. 전통적으로 바이오인식기술은 출입국심사(전자여권, 승무원 승객 신원확인), 출입통제(도어락, 출입 근태관리), 행정(무인민원발급, 전자조달), 사회복지(미아찾기, 복지기금관리), 의료(원격의료, 의료진 환자 신원확인), 정보통신(휴대폰인증, PC 인터넷 로그인), 금융(온라인 뱅킹, ATM 현금인출) 등 다방면에서 폭넓게 보급되어 실생활 깊숙이 자리잡게 되었다. 2001년 미국의 911 테러사건으로 인하여 전 세계 국제공항 항만 국경에서 지문 얼굴 홍채 등 바이오정보를 이용한 출입국심사가 보편화됨과 동시에 ISO/IEC JTC1 SC37(Biometrics) 국제표준화기구를 중심으로 표준화가 급속도로 진행되어 왔다. 최근 들어 스마트폰 테블릿 PC 등 모바일기기에 지문 얼굴 등 바이오정보를 탑재하여 다양한 모바일 응용서비스를 가능하게 해주는 모바일 바이오인식 응용기술이 전 세계적으로 개발 보급되고, 삼성전자 페이팔 중심으로 바이오인식기술을 이용한 모바일 지급결제솔루션에 대하여 페이팔 구글 마이크로소프트 비자카드 마스터카드 등 미국 주도의 사실표준화협의체인 FIDO1), ITU-T SG17 Q9(Telebiometrics) 국제표준화기구를 중심으로 표준화가 진행되고 있다. 특히, 이러한 모바일 바이오인식기술은 스마트폰을 통한 비대면 인증기술 수단으로서 핀테크, 원격의료분야에서 중요한 요소기술로 작용될 전망이다. 본 논문에서는 이러한 바이오인식 표준화를 위한 국외 표준화 기구를 소개하고, 각 기구별 표준화 현황을 살펴본다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.113-119
• /
• 2009

In recent years, to provide visitors with the various and dynamic services, many ActiveX Controls are developed and distributed in most of the web sites such as e-Government Internet banking Portal in Korea. However, unsecure ActiveX Controls may be critical security threats on Internet User. Although hacking incidents increase sharply for these vulnerable ActiveX Controls, there are not enough national security actions or policies. Thus, in this paper we propose the technical method to design 'Security model for ActiveX Control Managemnet through Security Authentication' to be able safe and useful security management in three aspects of development distribution using.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.4
• /
• pp.1911-1918
• /
• 2011

Internet banking, electronic financial services and internet telephony service can be available on smart phone recently. In this case, more robust authentication mechanisms should be provided for enhancing security on it. In this study, a facial biometric ID based one-time password generation mechanism is designed and implemented for enhancing user authentication on smart phone. After capturing a facial biometric data using camera module on smart phone, it is sent to server to generate one-time biometric ID. Finally one-time password will be generated by client module after receiving the one time biometric ID based challenge token from the server. Using proposed biometric ID based one-time password mechanism, it is possible for us to provide more secure user authentication service on smart phone for SIP protocol.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.5 no.7
• /
• pp.1204-1209
• /
• 2001

According to the rapid development of information and communication, various services are offered using information and communication infrastructure for example e-commerce, internet banking, stock dealings, etc. This time, the most important problem is personal identification. But now secret number that is used to personal identification mostly can be misappropriated. To solve this problem, this paper proposes smart card identification system using 1 vs. 1 fingerprint matching. Information protection and security of smart card excel and use is convenient. And fingerprint becomes the focus of public attention in biometric field. Implemented system in this paper is based on PC. This system stores minutia that is fingerprint information into smart card and compare it with personal minutia. Therefore this system is sure to be on personal identification. If this system is applied to various services, safety degree of services will be enhanced.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.10a
• /
• pp.517-520
• /
• 2001

According to the rapid development of information and communication, various services are offered using information and communication infrastructure for example e-commerce, internet banking stork dealings, etc. This time, the most important problem is personal identification. But now secret number that is used to personal identification mostly can be misappropriated. To solve this problem, this paper proposes smart card identification system using 1 vs. 1 fingerprint matching. Information protection and security of smart card excel and use is convenient. And fingerprint becomes the focus of public attention in biometric field. Implemented system in this paper is based on PC. This system stores minutia that is fingerprint information into smart card and compare it with personal minutia. Therefore this system is sure to be on personal identification. If this system is applied to various services, safety degree of services will be enhanced.

• Journal of Digital Contents Society
• /
• v.15 no.1
• /
• pp.121-128
• /
• 2014

SSE-CMM for security engineering, engineering, assurance, risk is divided into three elements of the process maturity assessment model and the level of information security presented. Maturity measurement of privacy, vulnerability diagnosis and risk analysis methodologies is used in practical field for present a comprehensive conclusion. The common cyber services are internet banking, mobile banking, telephone banking and the like. Transaction structure, a kind of cyber-banking system, information security maturity of the existing measurement methodologies for research purposes, vulnerability diagnosis and risk analysis methodologies to be used in practical field present a comprehensive conclusion. To ensure safety and convenience for the user, convenient to deal with cyber environment is the key to the activation of cyber trading. Particularly by measuring the maturity of cyber banking system to ensure the safety of the practice field much effects are expected as a result.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.12
• /
• pp.163-173
• /
• 2010

PKI(Public Key Infrastructure)-based information certification technology has some limitations to be universally applied to mobile banking services, using smart phones, since PKI is dependent on the specific kind of web browser, Internet Explorer. OTP(One Time Password) is considered to be a substitute or complementary service of PKI, but it still shows low acceptance rate. Therefore, in this research, we analyze why OTP has not been very popular, and provide useful implications of making OTP more extensively and frequently used in the mobile environment. Perceived security of OTP was set as a higher-order construct of integrity, confidentiality, authentication, and non-repudiation. Research findings show that security awareness and perceived security of OTP is positively associated, and the relationship between perceived security and trust on OTP is statistically significant. Also, trust is positively related to intention to use OTP continuously.

• Review of KIISC
• /
• v.26 no.4
• /
• pp.41-46
• /
• 2016

전통적으로 바이오인식기술은 출입국심사(전자여권, 승무원 승객 신원확인), 출입통제(도어락, 출입통제 근태관리), 행정(무인민원발급, 전자조달), 사회복지(미아찾기, 복지기금관리), 의료(원격의료, 의료진 환자 신원확인), 정보통신(휴대폰 PC 인터넷 인증), 금융(온라인 뱅킹, ATM 현금인출) 등 다방면에서 폭넓게 보급되어 실생활에서 널리 활용되고 있다. [그림1]은 신체적 특징(Physiological biometrics)과 행동적 특징(Behavioral biometrics)을 이용한 사용자 인증기술인 바이오인식기술의 유형과 함께 각 기술별 보안취약점(괄호 안 빨강색글자)을 나타내고 있다. 최근 들어, 모바일 지급결제서비스 ATM 인출기 인터넷전문은행 등과 같은 핀테크 분야에서 비대면 인증기술로 바이오인식기술이 각광을 받기 시작했다. 한편, 가짜지문 등 기존의 신체적 특징을 이용한 바이오인식기술의 위변조 위협에 대한 우려 존재함에 따라 뇌파 심전도 근전도 맥박 등 살아있는 사람의 행동적(신체의 기능적) 특징을 이용한 생체신호를 이용하여 비대면 인증기술로서 활용하기 위하여 주요 선진국에서 차세대 바이오인식 기술개발이 가속화되고 있는 추세이다.[1] 또한, 이러한 생체신호는 최근에 삼성전자, LG전자, 애플 등에서 스마트워치를 통해 심장박동수를 측정하고 스마트폰을 통하여 모바일 지급결제, 헬스케어 등과 같은 IoT 모바일 융복합 응용서비스에 활용될 전망이다. 본고에서는 뇌파 심전도(심박수)와 같은 생체신호를 측정하는 스마트워치 밴드형 의복형 또는 패치형태의 웨어러블 디바이스와 같은 생체신호센서, 생체신호 인증기술 및 관련표준화 동향을 고찰해 보기로 한다. 국내외 관련기술과 표준화 동향을 면밀히 분석하여 지난 2015년 5월29일에 발족한 국내외 전문가그룹인 KISA"모바일 생체신호 인증기술 표준연구회"(이하 KISA 표준연구회)가 구심점이 되어 한국형 생체신호를 이용한 차세대 텔레바이오인식기술에 대한 연구개발과 국내외 표준화 추진에 박차를 가할 계획이다.

• Management & Information Systems Review
• /
• v.31 no.1
• /
• pp.149-165
• /
• 2012

Nowadays due to the development of IT, hacking has become a major issue and importance of information system security is rapidly increasing. This research focuses on problems of training system security experts within Korea by analysing university's management information system curriculum and proposes an alternative way to solve this problem. The result of this research is the following. First, reformation of university's curriculum for successfully training system security experts is crucial. Second, theories that was learned in university courses need to be coherent to the actual work that the system security experts do in the field. Lastly, advanced IT countries like the US and Japan have already made standards on training system auditors and reinforced it with laws. Therefore Korea should establish a formal standard system like the other IT industry advanced countries.

• Journal of Internet Computing and Services
• /
• v.18 no.5
• /
• pp.1-8
• /
• 2017

Lightweight Encryption Algorithm(LEA) was developed by National Security Research Institute(NSRI) in 2013 and targeted to be suitable for environments for big data processing, cloud service, and mobile. LEA specifies the 128-bit message block size and 128-, 192-, and 256-bit key sizes. In this paper, block cipher LEA algorithm which can encrypt and decrypt 128-bit messages is designed using Verilog-HDL. The designed IP for encryption and decryption has a maximum throughput of 874Mbps in 128-bit key mode and that of 749Mbps in 192 and 656Mbps in 256-bit key modes on Xilinx Vertex5. The cryptographic IP of this paper is applicable as security module of the mobile areas such as smart card, internet banking, e-commerce and IoT.