• International Commerce and Information Review
• /
• v.9 no.1
• /
• pp.297-312
• /
• 2007

The GUIDEC I was published in November 1997 by the International Chamber of Commerce (ICC) and then the GUIDEC was published in October 2000 in the name of GUIDEC II. The GUIDEC II is the next version of GUIDEC I. This paper examines the electronic authentication and certification practices under GUIDEC II in detail. Therefore, this paper can help parties concerned to understand electronic authentication and certification practices of electronic commerce. GUIDEC II maintains the content of GUIDEC I, but GUIDEC II adds some new definitions such as authenticating a message and explains the rights and responsibility of subscribers, certifiers, and relying parties in detail. The aim of the GUIDEC II is to enhance the ability of international business community to execute trustworthy digital transactions utilizing legal principles that promote reliable digital authentication and certification practice.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1684-1688
• /
• 2005

In this paper, authentication technologies for X-ray inspection images in container merchandises are introduced and a method of authentication for X-ray inspection images is proposed. Until now, X-ray images of container merchandises have been managed without any authentication of inspection results and environments, it means that there was no any action for protection of illegal copy and counterfeiting of X-ray images from inspection results. Here, authentication identifies that who did inspect container X-ray images and, whether the container X-ray images were counterfeited or not. Our proposed algorithm indicates to put important information about X-ray inspection results on an X-ray image without affecting quality of the original image. Therefore, this paper will be useful in determining an appropriate technology and system specification for authentication of X-ray inspection images. As a result of experiment, we find that the information can be embedded to X-ray image without large degradation of image quality. Our proposed algorithm has high detection ratio by Quality 20 of JPEG attack.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.2
• /
• pp.59-63
• /
• 2017

Recently, Certificate has been loosed 100 times in a four years as Phising or hacking. The service that use certificate in financial services occurs practical and secure issues. Therefore, the Korea government abolished the mandatory system used in the certificate service. However, they did not provide a replacing method for a certificate. And is not to fill the gaps of the certificate with one time password or secure card. Therefore this paper is propose the alternative method with total authentication service, that is lead the more secure electronic commercial.

• Journal of Korean Society of Disaster and Security
• /
• v.5 no.1
• /
• pp.21-28
• /
• 2012

This study can be solved a means of authentication of electronic financial transactions. We suggest that smart devices can be useful to authenticate in electronic financial transactions regardless of time and place. Our new authentication method named Lock-Unlock authentication method with smart devices. This method will be expected to reduce many kind of accidents (theft, phishing, hacking, certificates and simple certified OTP, ATM withdrawals, ARS, etc.) by account locking in electronic financial transactions. And helpful to users can effectively protect electronic financial transactions and minimize the accident during get a electronic trading.

• Journal of KIISE:Computer Systems and Theory
• /
• v.26 no.10
• /
• pp.1237-1247
• /
• 1999

이질적 분산 환경에서 전자 상거래는 신임장을 기반으로 상거래 참여자들에 대한 인증 서비스가 제공되어야 한다. 본 연구에서는 CORBA 보안 명세 1 를 기반으로 전자 상거래 참여자들에 대한 객체 단위 인증 및 권한 부여 기법을 제공하는 상호 인증 서비스 구조를 제안한다. 이 구조는 Kerberos 2 의 인증 기법 및 인증 키 교환 기법으로 전자 상거래 참여자간에 상대 주체의 신원 확인 뿐 아니라 거래 진행 중 취득한 정보의 근원을 파악할 수 있도록 하였다. 또한 Kerberos 기법을 CORBA 플랫폼 기반의 상호 인증 구조로서 분산 환경에 대해 확장하였으므로 키 관리 등 보안 정보 관리에 있어 효율적이다.Abstract Electronic commerce shall provide its subjects with a credential-based authentication service in the heterogeneous distributed computing environment. In this paper, based on CORBA security service specification 1 which OMG defined, we propose the mutual authentication service for subjects of electronic commerce, providing the authentication of object level and the authenticated key exchange. This proposed structure, by Kerberos 2 for the authentication and the authenticated key exchange, assures not only the identification of a partner but also the confidence of origin of business item for negotiations between subjects of electronic commerce. Since our deployed Kerberos is extended to the mutual authentication service based on CORBA platform, it is efficient for security administration to manage the information such as a key management in the heterogeneous distributed computing environment.

• Journal of IKEEE
• /
• v.19 no.4
• /
• pp.610-616
• /
• 2015

In this paper, an electronic ID system satisfying security requirements of authentication certificate was designed using fingerprint recognition. The proposed electronic ID system generates a digital signature with forgery prevention, confidentiality, content integrity, and personal identification (=non-repudiation) using fingerprint information, and also encrypts, sends, and verify it. The proposed electronic ID system exploits fingerprint instead of user password, so it avoids leakage and hijacking. And it provides same legal force as conventional authentication certificate. The proposed electronic ID consists of 4 modules, i.e. HSM device, verification server, CA server, and RA client. Prototypes of all modules are designed and verified to have correct operation.

• Journal of the Korean Institute of Telematics and Electronics T
• /
• v.35T no.2
• /
• pp.93-99
• /
• 1998

There is only authentication of end-to-end in electronic commerce technique. But in a distributed system, an authentication that is ensured users and computers has a big threats which an identify of those is unbelievable because it can be occurred an fabrication or a false personation. Authentication for other elements included customers and vendors is required in the case that there is many a broker connecting customers with vendors as well. In authentication like above, many elements playing different role participated, were performed by the known techniques, processing was more complicated. In this paper, the Mutual Indirect Authentication technique is used to solve and avoid that condition and the generalized electronic commerce using a mobile agent is accomplished with this technique.

• Journal of Information Processing Systems
• /
• v.16 no.3
• /
• pp.599-611
• /
• 2020

With the application and promotion of biometric technology, biometrics has become more and more important to identity authentication. In order to ensure the privacy of the user, the biometrics cannot be stored or manipulated in plaintext. Aiming at this problem, this paper analyzes and summarizes the scheme and performance of the existing biometric authentication system, and proposes an iris-based ciphertext authentication system based on fully homomorphic encryption using the FV scheme. The implementation of the system is partly powered by Microsoft's SEAL (Simple Encrypted Arithmetic Library). The entire system can complete iris authentication without decrypting the iris feature template, and the database stores the homomorphic ciphertext of the iris feature template. Thus, there is no need to worry about the leakage of the iris feature template. At the same time, the system does not require a trusted center for authentication, and the authentication is completed on the server side directly using the one-time MAC authentication method. Tests have shown that when the system adopts an iris algorithm with a low depth of calculation circuit such as the Hamming distance comparison algorithm, it has good performance, which basically meets the requirements of real application scenarios.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.101-107
• /
• 2007

In recent years, electronic financial services, such as internet banking, come into wide use since the personal computer and network technology have made reasonably good progress. The growth of electronic financial service contributes to promoting the business efficiency of financial institution and promoting the convenience of financial customer, while the security on electronic financial service is getting more important because it is not face-to-face financial service. Therefore, the financial sector had decided to introduce the OTP (One Time Password) in order to authenticate the identification of customer and has built the Integrated OTP Authentication Center for a customer being able to use only one OTP token in electronic financial transaction with several financial institution. In this paper, we introduce the business of Integrated OTP Authentication Center and present the security analysis on integrated OPT authentication service, which is the main function of Integrated OTP Authentication Center.

• Management & Information Systems Review
• /
• v.6
• /
• pp.1-19
• /
• 2001

Partial transactions which use computer networks are formed in the cyberspace due to rapid progress of communication and computer technology. Electronic business transactions have security problems according to the special quality of opening networks, while it can be approached easily by anyone without being tied to time and places through Internets. To revitalize the electronic business transactions, security technology which can establish its security and trust is the prior task and both safe information communication and better information security service offer are essential factors. The method to exchange information through Internets must be made after confirming one another's exact connection in the mutual identity certification to prevent a lot of threat which can occur in the use of password techniques. To satisfy these electronic business transactions, we intend to increase understanding of authentication algorithm provided with authentication function of messages and users as well to plan safety and trust of business information and contents in the electronic business transactions.