• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.3 no.2
• /
• pp.411-420
• /
• 1999

The topic of electronic commerce is a hot issue in computer technology. There are many kinds of risks associated with electronic commerce which performs financial transactions by exchanging electronic information over public networks. Therefore, security factors such as confidentiality, integrity, authentication and non-repudiation should be required to construct secure electronic commerce systems. In this paper, the credit card-based payment protocol applying dual signature is presented. It provides payment information to the bank a cardholder pays to, but conceals ordering information. It also offers ordering information to a merchant, but hides payment information including the card number. Thus, cardholder's private information can be protected. In order to accomplish this, dual signature is performed employing both symmetric method utilizing cardholder's secret number as an encryption key and asymmetric method.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.4
• /
• pp.1046-1058
• /
• 1997

WWW has taken root in Internet as a means of future shopping.But paymetn systems using tpdays show us several security vnlnerabilities.The problem that plain shpter's credit card details are transferred in Internet is included.Thnese risks can break out not only an infringement of pribate information but also economic crime.To solve these risks,we introduce the techique which implrment the encrypted WWW communication using PGP.And we propose SCCP which is new electronic payment protocol.As a result of testing with criteria from IBM,we can find that SCCP is safe and secure electronic payment protocol.As a result of testing with criteria from IBM,we can find that SCCP is safe and secure elctronic payment protocol.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.11a
• /
• pp.86-87
• /
• 2010

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.220-222
• /
• 2002

WPP 지불 프로토콜[3]은 WAP 프로토콜을 이용하여 무선인터넷에거 신용카드 지불을 수행한다. 그러나 WPP 지불 프로토콜은 WAP의 보안 프로토콜인 WTLS를 사용함으로써 종단간 보안을 제공하지 못하는 문제점을 가지고 있다. 본 논문에서는 공개키 암호 시스템과 Mobile Gateway를 사용하여 특정 무선인터넷 플랫폼과 독립적인, 종단간 보안이 제공되는 안전한 신용카드 지불 프로토콜을 제안한다.

• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.163-178
• /
• 2014

Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.10a
• /
• pp.215-218
• /
• 2003

In this paper, we propose a protocol both allow a End-to-End security between user and service provider and independent in mobile Internet platform in AIP. In particular, our proposed protocol generates a session key using Weil pairing by ID-based public key system. We analysis a security and efficient of protocol when on-line certification authority participates in authentication process.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1996.11a
• /
• pp.122-132
• /
• 1996

WWW(World Wide Web)은 미래의 쇼핑수단으로 자리를 잡아가고 있다. 하지만, 현재 사용하고 있는 지불형태는 구매자의 신용카드 정보가 평문으로 네트워크를 통해 전송되는 것과 같은 보안상의 문제점을 가지고 있다. 이러한 문제점들은 개인정보에 대한 침해 딸만 아니라 정제범죄 등의 사회적 문제를 야기할 수 있다. 이러한 문제점을 재결하기 위하여 본 논문에서는 신용카드를 사용하는 새로운 전자지불 프로토콜인 SCCP(Secure Credit Card payment)를 소개한다. SCCP의 적합성을 확인하기 위하여 IBM에서 제시한 기준에 따라 수행한 결과, 본 논문에서 제시하는 방법은 안전한 전자지불 프로토콜로 판단된다.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.6
• /
• pp.693-697
• /
• 2010

In current e-commerce system, it happens that client's confidential information such as credit card numbers, pin numbers, or digital certificate may pass through a web proxy server or an altered proxy server without client's awareness. Even though the confidential information is encrypted and sent through SSL(Secure Sockets Layer) or TLS(Transport Layer Security) protocol, it can be exposed to the risk of sniffing by the digital certificate forgery at the proxy server, which is called the SSL MITM(Man-In-The-Middle) Proxy attack. In this paper, current credit card web-payment systems, which is weak at proxy information alternation attack, are analyzed. A resolution with certificate proxy server is also proposed to prevent the MITM attack.

• Journal of Intelligence and Information Systems
• /
• v.20 no.4
• /
• pp.59-87
• /
• 2014

In MIS field, the researches on payment services are focused on adoption factors of payment service using behavior theories such as TRA(Theory of Reasoned Action), TAM(Technology Acceptance Model), and TPB (Theory of Planned Behavior). The previous researches presented various adoption factors according to types of payment service, nations, culture and so on even though adoption factors of identical payment service were presented differently by researchers. The payment service industry relatively has strong path dependency to the existing payment methods so that the research results on the identical payment service are different due to payment culture of nation. This paper aims to suggest a successful adoption factor of noble payment service regardless of nation's culture and characteristics of payment and prove it. In previous researches, common adoption factors of payment service are convenience, ease of use, security, convenience, speed etc. But real cases prove the fact that adoption factors that the previous researches present are not always critical to success to penetrate a market. For example, PayByPhone, NFC based parking payment service, successfully has penetrated to early market and grown. In contrast, Google Wallet service failed to be adopted to users despite NFC based payment method which provides convenience, security, ease of use. As shown in upper case, there remains an unexplained aspect. Therefore, the present research question emerged from the question: "What is the more essential and fundamental factor that should takes precedence over factors such as provides convenience, security, ease of use for successful penetration to market". With these cases, this paper analyzes four cases predicted on the following hypothesis and demonstrates it. "To successfully penetrate a market and sustainably grow, new payment service should find non-customer of the existing payment service and provide noble payment method so that they can use payment method". We give plausible explanations for the hypothesis using multiple case studies. Diners club, Danal, PayPal, Square were selected as a typical and successful cases in each category of payment service. The discussion on cases is primarily non-customer analysis that noble payment service targets on to find the most crucial factor in the early market, we does not attempt to consider factors for business growth. We clarified three-tier non-customer of the payment method that new payment service targets on and elaborated how new payment service satisfy them. In case of credit card, this payment service target first tier of non-customer who can't pay for because they don't have any cash temporarily but they have regular income. So credit card provides an opportunity which they can do economic activities by delaying the date of payment. In a result of wireless phone payment's case study, this service targets on second of non-customer who can't use online payment because they concern about security or have to take a complex process and learn how to use online payment method. Therefore, wireless phone payment provides very convenient payment method. Especially, it made group of young pay for a little money without a credit card. Case study result of PayPal, online payment service, shows that it targets on second tier of non-customer who reject to use online payment service because of concern about sensitive information leaks such as passwords and credit card details. Accordingly, PayPal service allows users to pay online without a provision of sensitive information. Final Square case result, Mobile POS -based payment service, also shows that it targets on second tier of non-customer who can't individually transact offline because of cash's shortness. Hence, Square provides dongle which function as POS by putting dongle in earphone terminal. As a result, four cases made non-customer their customer so that they could penetrate early market and had been extended their market share. Consequently, all cases supported the hypothesis and it is highly probable according to 'analytic generation' that case study methodology suggests. We present for judging the quality of research designs the following. Construct validity, internal validity, external validity, reliability are common to all social science methods, these have been summarized in numerous textbooks(Yin, 2014). In case study methodology, these also have served as a framework for assessing a large group of case studies (Gibbert, Ruigrok & Wicki, 2008). Construct validity is to identify correct operational measures for the concepts being studied. To satisfy construct validity, we use multiple sources of evidence such as the academic journals, magazine and articles etc. Internal validity is to seek to establish a causal relationship, whereby certain conditions are believed to lead to other conditions, as distinguished from spurious relationships. To satisfy internal validity, we do explanation building through four cases analysis. External validity is to define the domain to which a study's findings can be generalized. To satisfy this, replication logic in multiple case studies is used. Reliability is to demonstrate that the operations of a study -such as the data collection procedures- can be repeated, with the same results. To satisfy this, we use case study protocol. In Korea, the competition among stakeholders over mobile payment industry is intensifying. Not only main three Telecom Companies but also Smartphone companies and service provider like KakaoTalk announced that they would enter into mobile payment industry. Mobile payment industry is getting competitive. But it doesn't still have momentum effect notwithstanding positive presumptions that will grow very fast. Mobile payment services are categorized into various technology based payment service such as IC mobile card and Application payment service of cloud based, NFC, sound wave, BLE(Bluetooth Low Energy), Biometric recognition technology etc. Especially, mobile payment service is discontinuous innovations that users should change their behavior and noble infrastructure should be installed. These require users to learn how to use it and cause infra-installation cost to shopkeepers. Additionally, payment industry has the strong path dependency. In spite of these obstacles, mobile payment service which should provide dramatically improved value as a products and service of discontinuous innovations is focusing on convenience and security, convenience and so on. We suggest the following to success mobile payment service. First, non-customers of the existing payment service need to be identified. Second, needs of them should be taken. Then, noble payment service provides non-customer who can't pay by the previous payment method to payment method. In conclusion, mobile payment service can create new market and will result in extension of payment market.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2004.05a
• /
• pp.461-464
• /
• 2004

무선 환경에서의 전자상거래가 빠르게 성장함에 따라 종단간 보안이 필요하다. 기존 WTLS를 사용하는 WPP 프로토콜에서는 종단간 사용자 안전성을 보장하고 있지 않다. 이 논문에서는 AIP프로토콜에서 사용자와 서비스 제공자간에 종단간 안전성이 제공되는 무선 인터넷 플랫폼에 독립적인 소액지불 프로토콜을 제안한다. 또한 인증기관이 인증과정에 참여할 경우 ID 기반 공개키 암호 시스템을 적용한 세션키를 생성하여 제안 프로토콜의 안전성 및 효율성을 분석한다