• The Journal of the Korea Contents Association
• /
• v.14 no.11
• /
• pp.533-540
• /
• 2014

As for the application system or the user authentication scheme that is used in the system, various technologies including simple ID/PW, certificate, fingerprint/iris, phone, security card, and OTP are being used. But simple ID/PW and phone certification lack security features. As for the certificate, fingerprint/iris, and security card/OTP, the weakness in security has been quite strengthened, but there are costs and complexity involved to use these. This paper proposes a new measure of much safer and low-cost user authentication that improves the security level and uses mobile external storage media such as USB that people commonly have.

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.73-79
• /
• 2008

Nowadays, all over the world's banks use internet banking through various authentication methods. Although there are strong authentication methods using OTP (One Time Password), there still has vulnerability from sophisticated attacks such as MITM (Man In The Middle). This letter proposes signing-based authentication protocol that copes with attacks, such as MITB (Man In The Browser), and provides non-repudiation function. The protocol shows generic method to prevent the sophisticated attacks through connecting advantages from OTP and PKI (Public Key Infrastructure) certificate, and that can be deployed to various extended form in internet banking.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.7
• /
• pp.1227-1234
• /
• 2008

In this paper is designed a 256-bit synchronous OTP(one-time programmable) memory required in application fields such as automobile appliance power ICs, display ICs, and CMOS image sensors. A 256-bit synchronous memory cell consists of NMOS capacitor as antifuse and access transistor without a high-voltage blocking transistor. A gate bias voltage circuit for the additional blocking transistor is removed since logic supply voltage VDD(=1.5V) and external program voltage VPPE(=5.5V) are used instead of conventional three supply voltages. And loading current of cell to be programmed increases according to RON(on resistance) of the antifuse and process variation in case of the voltage driving without current constraint in programming. Therefore, there is a problem that program voltage can be increased relatively due to resistive voltage drop on supply voltage VPP. And so loading current can be made to flow constantly by using the current driving method instead of the voltage driving counterpart in programming. Therefore, program voltage VPP can be lowered from 5.9V to 5.5V when measurement is done on the manufactured wafer. And the sens amplifier circuit is simplified by using the sens amplifier of clocked inverter type instead of the conventional current sent amplifier. The synchronous OTP of 256 bits is designed with Magnachip $0.13{\mu}m$ CMOS process. The layout area if $298.4{\times}314{\mu}m2$.

• The Journal of Society for e-Business Studies
• /
• v.13 no.1
• /
• pp.33-43
• /
• 2008

As the applications within Internet becoming more extensive, the security issues of those applications are appearing to be the most important concern. We have to be sure if all elements of the system are robust and perform well. Even if some small part of the system is vulnerable, it might cause the total system crash-down. Therefore, every part of the system should be thoroughly designed and mutually coordinated in order to support overall security of the system. In this paper, we propose new technique which uses the fingerprint features in order to generate one time passwords(OTPs). Fingerprint is considered to be one of the powerful personal authentication factors and it can be used for generating variable passwords for one time use. Also we performed a simulation for proposed password generation method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.987-997
• /
• 2018

Blockchain has tamper-free, so many applications are developing to leverage tamper-free features of blockchain. MIT Media Labs proposed BlockCerts, educational certificate blockchain System, to solve problems of legacy certificate verifications. Existing educational certificate blockchain Systems are based on public blockchain such as bitcoin, Ethereum, so any entity can participate educational institute in principal. Moreover, the exisitng educational certricate blockchain system utilizes the integrity of blockchain, but the confidentiality of the educational certificate is not provided. This paper propose a digital certificate system based on private blockchain, name HyperCerts. Therefore, only trusted entity can participate in the private blockchain network, Hyperledger, as the issuer of digital certificate. Furthermore, the practical byzantine fault tolerance is used as consensus algorithm, HyperCerts reduce dramatically the latency of issuing digital certificate and required computing power. HyperCerts stores the hash value of digital certificate into the ledger, so breach of personal information by malicious entity in the private blockchain is protected.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.7
• /
• pp.1634-1642
• /
• 2014

Mobile RFID system, that consists of the existing RFID reader mounted on the mobile devices such as smartphones, is able to provide the users a variety of services and convenience. But security of mobile RFID system is too weak like the existing RFID system. In this paper, the mobile RFID mutual authentication protocol with high level of security is proposed to overcome the troubles such as cryptographic protocols in the existing RFID system responding with the same value in every authentication procedure and the exposure in the exchange of messages. The proposed protocol exchanges messages unexposed by using the random numbers generated in the mutual authentication between the tag and the reader and making numbers coded with the symmetric key. Besides, the protocol uses the mutual authentication utilizing OTP by considering the characteristics of the reader embedded in mobile devices in the mutual authentication process between the reader and the server. Because changed message in every authentication, which produces safe from spoofing attacks and replay attacks, etc.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.5
• /
• pp.87-98
• /
• 2007

AAA protocol is an information protection technology which systematically provides authentication, authorization and accounting function not only in the existing wire network but also in the rapidly developing wireless network, various services and protocol. Nowadays, standardization of the various application services is in progress with the purpose of AAA standardization fer the mobile user in the wireless network. And various researches are being conducted fur using AAA in the roaming service and mobile IPv6 network between heterogeneous networks. In this paper uses OTP and ID-based ticket for user authentication in the mobile device under the ubiquitous environment, and service is seamlessly provided even though the mobile device moves from the home network to the foreign network. In addition, with the ticket renewed from the foreign network, the overhead of the home authentication server can be reduced, and provides anonymity of service through the anonymity ID.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.139-147
• /
• 2011

More convenient and value-added application services can be provided to user in case of using location-based service on Smart phone. However, privacy problem will be happen when an application disclosures the personal location information. Therefore, each user should securely control and manage his own personal location information by specifying access control list and profiles. In this study, we implemented personal location information self-control protocol and developed secure personal location management system with OTP based authentication procedure.

• Proceedings of the Korean Information Science Society Conference
• /
• 2000.04b
• /
• pp.60-62
• /
• 2000

인터넷을 기반으로 하는 전자상거래 환경에서 데이터 공유 문제를 해결하기 위하여 XML을 이용한 시스템들이 적용되고 있다. 하지만 서로 다른 DTD를 기반으로 작성된 응용 시스템 경우에는 의미에 대한 공유가 이루어지지 못하게 되므로 XML을 이용한 데이터 공유 및 교환은 어렵다. 본 논문에서는 X3.285에서 제시한 개념적 메타 모델(Conceptual MetaModel)을 토대로 데이터 레지스트리(DR)모델을 구축하고 전자상거래 표준 프로토콜(UN/EDIIFACT,XML/EDI, OTP)들로부터 공통된 데이터 요소를 정의하여 데이터 레지스트리(이하 DR)를 구축하였다. 구축된 DR 은 서로 다른 형식의 전자상거래 시스템간의 데이터 유통을 가능하게 하고, 데이터에 대한 식별 및 등록 서비스 기능을 제공하게 된다. 따라서 웹 환경에서의 DR를 기반으로 하는 다양한 전자상거래 응용 시스템 개발 및 운용이 가능하다.

• Journal of Convergence Society for SMB
• /
• v.5 no.3
• /
• pp.9-13
• /
• 2015

With the advance of ICT, the necessity of user authentication to verify the identity of an opponent online not face to face is increasing. The authentication, the basis of the security, is used in various fields. Because ID-based authentication has weaknesses in terms of stability and losses, two or more than two authentication tools are used in the place in which the security is important. Recently, biometric authentication rather than ID, OTP, SMS authentication has been an issue in terms of credibility and efficiency. As the fields applied to current biometric recognition technologies are increasing, the application of the biometric recognition is being used in various fields such as mobile payment system, intelligent CCTV, immigration inspection, and access control. As the biometric recognition, finger print, iris, retina, vein, and face recognition have been studied actively. This study is to inspect the current state of domestic and foreign standardization including understanding of the face recognition and the trend of technology.