• The KIPS Transactions:PartC
• /
• v.11C no.6 s.95
• /
• pp.755-764
• /
• 2004

Recently 'Banking IC Card Standard' and EMV Standard by the domestic standard is selected, and it is situation that is developing infrastructure vigorously to alternate Magnetic Stripe card by IC card. This paper analyzes EMV standard that is selecting public key cipher, and research wishes to study unexhausted EMV PKI relatively than internet PKI, WAP PKI etc. This paper propose utilizable EMV base Payment PKI model in IC card base payment system development, and developed EMV CA system with this. Also, this paper supplemented IC card Authentication mechanism that is defined in EMV standard, and propose 'Efficient smart card Authentication mechanism' to improve performance of this mechanism, and estimate performance.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.4
• /
• pp.867-875
• /
• 2014

Rapid development of internet service is enabling internet banking services in anywhere and anytime. However, service access through internet can be exposed to adversary easily. To prevent, current service providers execute authentication process with user's identification and password. However, majority of users use short and simple password and do not periodically change their password. As a result of this, user's password could be exposed to attacker's brute force attack. In this paper, we presented enhanced password system which guarantee higher security even though users do not change their current password. The method uses additional secret information to replace real password periodically without replacement of real password.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.43 no.2
• /
• pp.56-64
• /
• 2020

This paper is a follow up to the previous study which reveals that smartphone users are divided into three subcategories according to their usage characteristics. In this paper, these groups are called as 'general', 'entertainment', and 'work-assistant', taking into account their respective characteristics. The 'general' is a group whose smartphone usage characteristics are not focused on a specific purpose, the 'entertainment' is focused on music, internet, SNS, picture, and e-banking, and the 'work-assistant' is on work, GPS, diary. Inter-relation between the importance and satisfaction for the purchase determinants to the groups is investigated. In addition, Kano analysis of quality attributes is also performed, which includes quality type, satisfaction/dissatisfaction index, and PCSI (Potential Customer Satisfaction Improvement) index. The analysis result are as follows. Firstly, inter-relation between importance and satisfaction differs by user group. 'Internet', 'Ease of use', and 'Performance' purchase determinants are evaluated as competitive determinants in 'work-assistant' user group. Secondly Kano quality types of quality characteristics also differs by user group. 'Application' was classified as an attractive (A) types to 'entertainment' group and so on. 'Internet' 'Failure/Bug', 'Touch response rate' and 'Charging' are located in 'Nice' Region of S-PCSI Diagram and have to be considered as strategic quality characteristics. The results of this study is expected to give some helps in establishing a customer tailored quality strategy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.99-113
• /
• 2003

As a research on PKI(Public Key Infrastructure) is being very popular, the study relating to certificate status and path validation is being grown with aim to reduce an overhead of the protocol and to provide an efficient operation. But in spite of a lot of related research there is still almost no protocol that we can use for real-time based client-server environment with large scale like internet banking. In this paper, we shows that the existing standards or protocols are not suitable to be used for such a real-time based client-server environment with large scale, and then proposes an efficient certificate status and path validation system.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.25-31
• /
• 2015

FinTech(Financial Technology) is defined as the technique to create efficient financial services using IT technologies. FinTech is an innovative technology through IT platform and big data, and is expected to improve the security and problems of the conventional banking system. Domestic financial institutions has introduced the technologies and investment in order to provide safe and effective services to users. However, In the financial environment, information disclosure and security incident has occurred so they has lost the trust from their customers. Moreover new variant of the security threats and attack techniques have occurred. Therefore, in this paper, we designed a authentication scheme for secure payment system in FinTech environment. The proposed study evaluated the stability of the existing security systems with respect to attack methods occurred in the financial environment.

• Management & Information Systems Review
• /
• v.7
• /
• pp.21-51
• /
• 2001

For increasing the competitiveness and efficiency of Korea's finance industry under the new e-finance paradigm, this paper compared the practical use of finance portal site' on service parts and stage between Korea and U.S.A.. The services which can be served from site are banking, mortgage and credit loan, stock, card, retirement tax, PFM(Personal Finance Management), EBPP(Electronic Bill Presentment and Payment) and Account Aggregation and so on. The stage of site can be divided as the information provide stage which only gives information about service parts, on-line transaction stage which real-time transaction is possibile and PFM services provide stage according to development process. As a result, the beginning of finance portal service in Korea was lated about 10years and more than it of U.S.A. So the development stage of domestic portal site is still staying in the first step and the providing services and contents or business model development parts are also in the same stage than U.S.A. Resides, Korea's sites mainly focus on their first service parts even though they recently aim internet finance portal, and provide not real time transaction but finance information. On the other hand, the U.S.A. site support substantially not only various on-line transactions but also distinctive personal services like PFM(Personal Finance Management), EBPP(Electronic Bill Presentment and Payment), Account Aggregation and Trans-account, brokerage, education center, mortgage loan, mutual fund, option, pension fund and IPOs and so on. Thus, the site of Korea need to establish real type of internet finance portal which provides one-stop services on every type of finance to customers in the real time and also require the strategic integration among finance institutions. The next turn, they need to build information system and education center to give best satisfaction to customers and acquire customer information and marker environment changes and need to provide distinctive services to quality customers throughout database from this. Also the site should provide various type of banking services which refereed above like PEM, EBPP and education center etc, and the government of Korea should support the building of IT infrastructure to Physical, legal, systematic, sociocultural, technical and human resource sections. This paper provided the future movement direction of the domestic finance portal through comparison and analysis on the practical use of it between Korea and U.S.A. and also wanted to contribute for developing and reading of Korea finance portal in the new era of the finance paradigm.

• Convergence Security Journal
• /
• v.12 no.1
• /
• pp.89-96
• /
• 2012

Information society which came due to advance of Information Technology improved the social and economical productivity as well as the quality of national life. But behind the right function the adverse effect as cyber terror is serious and become a big issue. Recently, hackings on a big scale occur frequently. The personal information stored in Internet company is leaked and customers are badly damaged by paralysis of banking system. Also hacking attacks by North Korea occur frequently. It causes confusion in our society and a threat to national security. In this paper, the trend of domestic cyber terror is observed and the countermeasure against cyber terror is proposed.

• Proceedings of the Korean Operations and Management Science Society Conference
• /
• 2002.05a
• /
• pp.835-840
• /
• 2002

The information systems of the Korea Postal Service are developed not for integration based on strategic purposes but for improvement of low-level business processes within each functional unit. Hence. the as-is level of the information systems is very insufficient for information integrity, and also shows substantial gaps. when compared to recent advances in information envconment such as internet, electronic govemment and so on in this study we suggest the design of the integrated platform to achieve integrity of postal service and banking servive. After briefly addressing the issues on information systems of the Korea Postal Service. we provide the framework of the integrated platform and action plan. We believe when this framework is put into use. It can contribute to competitive performance by giving the integrity and consistency in implementing infomation systems of the Korea Postal Service.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.1225-1228
• /
• 2010

최근 인터넷 뱅킹이 주요 국가들의 은행 거래 서비스에서 많은 비중을 차지하고 있다. 보안이 중요한 인터넷 뱅킹 분야에서 국내와 해외의 보안 방식을 비교하여 도출된 시사점을 적용한다면 더 안전한 시스템 설계에 바탕이 될 것이다. 따라서 본 논문에서는 국내와 해외의 인터넷 뱅킹 보안의 특징과 그 진행 과정을 살펴보았다. SSL/TLS(Secure Socket Layer/Transport Layer Security) 기술을 사용하는 외국 인터넷 뱅킹에 비해 공인인증서 체계를 채택한 국내 인터넷 뱅킹은 웹 브라우저에서 지원하지 않는 암호 알고리즘을 사용하기 위한 플러그인을 설치함으로써 사용자가 불편을 느끼며, 또한 이런 플러그인 때문에 인터넷 뱅킹을 이용할 수 있는 웹 브라우저의 종류가 제한된다. 마지막으로 이러한 플러그인을 은행 별로 서비스하기 위한 별도의 비용이 추가된다. 이런 문제점들을 해결하여 더 나은 인터넷 뱅킹 시스템을 구축하기 위해서는 면밀한 검증과 제도적 지원이 필요하다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.5 no.7
• /
• pp.1204-1209
• /
• 2001

According to the rapid development of information and communication, various services are offered using information and communication infrastructure for example e-commerce, internet banking, stock dealings, etc. This time, the most important problem is personal identification. But now secret number that is used to personal identification mostly can be misappropriated. To solve this problem, this paper proposes smart card identification system using 1 vs. 1 fingerprint matching. Information protection and security of smart card excel and use is convenient. And fingerprint becomes the focus of public attention in biometric field. Implemented system in this paper is based on PC. This system stores minutia that is fingerprint information into smart card and compare it with personal minutia. Therefore this system is sure to be on personal identification. If this system is applied to various services, safety degree of services will be enhanced.