• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.731-742
• /
• 2017

For all the various cryptographic techniques related to security, social technological attacks such as a shoulder surfing are infeasible to block off completely. Especially, the attacks are executed against financial facilities such as automated teller machine(ATM) which are located in public areas. Furthermore, online financial services whose rate of task management is consistently increasing are vulnerable to a shoulder surfing, smudge attacks, and key stroke inference attacks with google glass behind the convenience of ubiquitous business transactions. In this paper, we show that the security of ATM and internet banking can be reinforced against a shoulder surfing by using One-Time Keypad(OTK) and compare the security of OTK with those of ordinary keypad and One-Time Password(OTP).

• The Journal of the Korea Contents Association
• /
• v.5 no.1
• /
• pp.45-53
• /
• 2005

With the rapid progress of research to offer a convenience of mobile communication, the mobile users can use not only the services of voice call but also the variety services of data communication using Internet. These include Internet Searching, Internet Shopping and Internet banking and Internet stock exchange and electronic payment and so on, based on PKI. Also, the need of data communication between the mobile users has been increased. As it is possible for mobile users to do user authentication, key distribution, encryption, decryption and so on, it is needed the certificate status validation between the mobile users. However due to the PCS(Personal Communication System) had been only designed and implemented for voice call between the mobile users, it is not easy to apply data communication between the mobile users on PKI. Therefore the study of for the data communication between the mobile users in PCS is a few. It is for the data transfer between the mobile users to communicate using call processing of PCS. So, we propose how to process the certificate status validation during call processing for data communication between the mobile users in the PCS.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.837-840
• /
• 2007

Recently, Not only PC environment but also movile environment using XML for translating data. But the mobile delevopment is more limited but need highler security than PC environment Because there is some important service such as mobile banking. In this paper, We development the system to encrypt and decrypt the XML data in order to protect data, And the system is observing the recommendation of the XML Encryption Syntax and Processing by W3C. When encrypting the data, We use the entryption algorithm DES, Triple-DES, AES, SEED and RSA. and consideration of the mobile environment Last, We test the system at WIPI environment.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.101-107
• /
• 2007

In recent years, electronic financial services, such as internet banking, come into wide use since the personal computer and network technology have made reasonably good progress. The growth of electronic financial service contributes to promoting the business efficiency of financial institution and promoting the convenience of financial customer, while the security on electronic financial service is getting more important because it is not face-to-face financial service. Therefore, the financial sector had decided to introduce the OTP (One Time Password) in order to authenticate the identification of customer and has built the Integrated OTP Authentication Center for a customer being able to use only one OTP token in electronic financial transaction with several financial institution. In this paper, we introduce the business of Integrated OTP Authentication Center and present the security analysis on integrated OPT authentication service, which is the main function of Integrated OTP Authentication Center.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.3
• /
• pp.525-532
• /
• 2013

Recently. smartphones have been popularized rapidly and now located deep in our daily life, providing a variety of services from banking, SNS (Social Network Service), and entertainment to smart-work mobile office through apps. Such smartphone apps can be easily downloaded from what is known as app store which, however, bears many security issues as software developers can just as easily upload to it. Military apps will be exposed to a myriad of security threats if distributed through internet-basis commercial app store. In order to mitigate such security concerns, this paper suggests a security guidelines for establishing a military-excusive app store and security verification system which prevent the security hazards that can occur during the process of development and distribution of military-use mobile apps.

• Journal of Digital Convergence
• /
• v.12 no.5
• /
• pp.1-12
• /
• 2014

Recently, the need for non-stop service is increasing by the business mission-critical Internet banking, e-payment, e-commerce, home shopping, securities trading, and petition business increases, clustered in a single database of existing, redundant research on high-availability technologies related to technique, etc. is increasing. It provides an API based on the Active Log in addition to the technique of redundancy, ALTIBASE$^{TM}$ Log Analyzer (below, ALA), provides scalability and communication of the same model or between heterogeneous. In this paper, we evaluated the performance of ALA by presenting the design of the database system that you can use the ALA, to satisfy all the synchronization features high scalability and high availability, real-time.

• Journal of Digital Convergence
• /
• v.13 no.5
• /
• pp.219-226
• /
• 2015

OTP(One Time Password) is for user authentication of Internet banking and users should carry their security card or OTP generator to use OTP. If they lost their security card or OTP generator, there is at risk for OTP leak. This paper suggests a new User Authentication Framework using personal health information from diverse technology of u-Health. It will cover the problem of OTP loss and illegal reproduction A User Authentication Framework is worthy of use because it uses various combinations of user's physical condition which is inconstant. This protocol is also safe from leaking information due to encryption of reliable institutes. Users don't need to bring their OTP generator or card when they use bank, shopping mall, and game site where existing OTP is used.