• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.3 no.2
• /
• pp.411-420
• /
• 1999

The topic of electronic commerce is a hot issue in computer technology. There are many kinds of risks associated with electronic commerce which performs financial transactions by exchanging electronic information over public networks. Therefore, security factors such as confidentiality, integrity, authentication and non-repudiation should be required to construct secure electronic commerce systems. In this paper, the credit card-based payment protocol applying dual signature is presented. It provides payment information to the bank a cardholder pays to, but conceals ordering information. It also offers ordering information to a merchant, but hides payment information including the card number. Thus, cardholder's private information can be protected. In order to accomplish this, dual signature is performed employing both symmetric method utilizing cardholder's secret number as an encryption key and asymmetric method.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05c
• /
• pp.1887-1890
• /
• 2003

네트워크의 발달과 전자상거래의 급속한 성장은 전자정보를 이용하는 다양한 형태의 지불수단을 등장시켰고, 그 다양한 지불수단들은 급속도로 개발되고 있다. 특히 스마트카드는 보안성이 상당히 높고 대용량의 데이터 저장이 가능하기 때문에 전자지불수단을 위한 매개체로 주목을 받고 있다. 그러나 현재의 스마트카드 관련 개발 환경은 개발비용이 상대적으로 높고 개발한 프로토콜이나 시스템의 안전성 및 효율성 등을 실험하기가 어려우며 개인 컴퓨터환경에서 응용 서비스를 개발하기가 어렵다는 취약점이 있다. 따라서 이러한 취약점을 해결할 수 있는 응용 프로그램의 개발이 필요하다. 본 논문에서는 추가적인 하드웨어의 확장 없이 보유하고 있는 컴퓨터 환경에서 전자지불 시스템을 위한 응용 서비스를 적용하고 테스트할 수 있는 스마트카드 에뮬레이터를 설계하고 구현하였다.

• Proceedings of the KAIS Fall Conference
• /
• 2001.11a
• /
• pp.230-235
• /
• 2001

SET(Secure Electronic Transaction)은 인터네트와 같은 open network에서 안전하게 상거래를 할 수 있도록 보장해주는 지불 프로토롤이다. SET은 보안상의 허점을 보완하고자 신용카드 회사인 비자, 마스터카드와 IBM, 넷스케이프, 마이크로소프트 그리고 VeriSign의 기술적인 도움으로 개발되었다. SET은 RSA 데이터 보안회사의 암호화 기술에 기초를 두고 있으며, 기술사양 자체가 공개이므로 누구나 자유롭게 SET 프로토롤을 사용하는 소프트웨어를 개발 할 수 있다. SET은 우리가 일상생활에서 이용하는 신용카드 거래체계를 인터네트를 통한 전자상거래에서도 유사하게 이용할 수 있도록 하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.491-494
• /
• 2004

개인의 신상 정보와 같은 민감한 정보를 다루는 의료기관의 정보시스템을 스마트 카드를 이용하여 보다 안전하고 효율적인 시스템을 설계 및 구현하고자 한다. 현재 빠르게 보급되고 있는 자바 카드 기술을 이용하여 설계되었으며, 기존의 시스템에 사용자와 의료기관사이의 인터페이스를 스마트 카드로 대체함으로써 보안적 측면의 강화 및 사용자의 중심의 편의성을 높이도록 설계하였다.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.6
• /
• pp.201-206
• /
• 2007

Development of Information and Communication technology coming to activity of internet banking and electronic business, and smart card of medium is generalized prevailing for user authentication of electronic signature certificate management center with cyber cash, traffic card, exit and entrance card. In field that using public network, security of smart cart and privacy of card possessor's is very important. Point of smart card security is use safety for smart card by user authentication. Anonymous establishment for privacy protection and denial of service attack for availability is need to provision. In this paper, after analyze for Hwang-Li, Sun's, L-H-Y scheme, password identify element is a change of safety using one time password hash function. We proposed an efficient new smart card authentication protocol against anonymity and denial of service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.31-39
• /
• 2008

The development of next-generation resident registration cards, financial IC cards and administrative agency IC cards based on a smart card is currently coming out in Korea. However, the low-price IC cards without countermeasures against side channel analysis attacks are expected to be used fer cost reduction. This paper has investigated the side channel resistance of financial IC cards that are currently in use and have performed DPA attacks on the financial IC cards. We have been able to perform successful DPA attacks on these cards by using only 100 power measurement traces. From our experiment results, we have been able to extract the master key used for encryption of a count PIN number.

• The KIPS Transactions:PartD
• /
• v.10D no.6
• /
• pp.1059-1066
• /
• 2003

In this paper, the magnetic sensing system is designed and implemented for the safe security in internet commerce system. When the payment is required inthe internet commerce system, the magnetic sensing system will get the information from a credit card without keyboard input and then encrypt and transmit the information to server. The credit card sensing system, which is proposed in this paper, is safe from keyboard hacking because it encrypts card information immediately in its internal chip and sends the information to host system. For the protection of information, the magnetic sensing system is basically based on a synchronous stream cipher cryptosystem which is related to a group of matrices. The size of matrices and the bits of keys for the best performances are determined for various cases. It is shown that for credit card payments. matrices of size 2 have good performance even at most 128bits keys with the consideration of inverse matrices. For authentication of general-purpose data, the magnetic sensing system needs more than 1.5KB data and in this case, the optimum size of matrices is 2 or 3 at more 256bits keys with consideration of inverse matrices.

• Journal of the Institute of Electronics Engineers of Korea TE
• /
• v.37 no.5
• /
• pp.125-131
• /
• 2000

In this paper, we proposed conditional access algorithm for data confidential using smart card. This algorithm is constructed smart card and E-mail gateway for restricting of user's illegal confidential data transmission. After processing of certification procedure in smart card, each E-mail forwarded to E-mail gateway(EG). The EG selects outgoing E-mail and it is sent to fire-wall E-mail processing program, it is checked attached file in transmission mail and if it is attached file, it writes to database. This time, it can be used evidence data about user's illegal confidential data transmission, because of using registered content and smart card certification data in database. in addition to, we can get psychologically effect of prevention to send illegally, and this system can prevent spam mail in EG, also.

• Journal of Digital Convergence
• /
• v.10 no.1
• /
• pp.177-184
• /
• 2012

It was emphasized that national electronic identification card system should be a prerequisite for the entire administrative services. Furthermore, the government so designed the plan on the assumption of national electronic identification card system that it could manage services for the public, elections, and most of decision-making processes. Nevertheless, national electronic identification card system has drifted for a fairly long time without being institutionalized. On the basis of the policy examples, this study tries to examine the process and discuss on what elements of conflict have been shown. Though it is all water under the bridge, it is thought that, when the new policy emerges in the future, recurrent failures can be reduced by a case study like this.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.886-888
• /
• 2002

인터넷 상의 주문 결재로부터 생성되어지는 수백만의 결제로 인해 축적되어진 레코드들을 이용하고, 아울러 고객이 제공하는 데이터 등을 가지고 고객이 실제 카드 소지자인지를 판별하는 전자결제 신용카드 사기방어시스템 (Anti-Fraud System(AFS))을 제안하였다. 고객은 거래 콤포넌트에 의한 보안 메시징 프로토콜을 사용해서 인터넷에서의 서비스 요구를 시작한다. 거래의 위험도를 결정하기 하기 위해서 데이터마이닝 기법을 이용한 하이브리드 모델링기법을 사용하여 이와 같은 요구에서 생성되는 트랜잭션 정보의 위험도를 계산한 후, 미리 결정된 위험수위와 비교하여 부가적 신용 정보의 필요성을 판단하게 된다.