• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.3-13
• /
• 2004

E-Commerce is suddenly spreading in a daily life. A rights trading system is a system that circulates digital-tickets such as plane tickets, software license, coupon. There are two main approaches so far account-based and smart-card based systems. The NTT Proposed FlexToken, a new smart card based copy prevention scheme for digital rights. They Proposed using pseudonymous self certified keys of Petersen and Horster in order to ensure anonymity of users. However. Petersen and Holster's scheme should register a pseudonymous key pair at TTP (One-time) every time so that users create the signature which is satisfied with unlinkability property In this paper, we propose a new anonymous rights trading system using group signature. This paper has a meaning having applied to digital rights trading system an efficient smart card based group signature.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.9
• /
• pp.1845-1850
• /
• 2009

Generally, small and medium scale enterprises have conventionally been performing diligence and indolence management by hand, but many of them have been recently costing a lot of money for their diligence and indolence management and security maintenance. But yet, they have annoying sides due to the initial stage cost for the introduction of the system which is consisted of a terminal for reading a card, an RFID card, an administrative sewer and an application program for the diligence and indolence management as well as the insufficiency of the fixing skill being able to cope with the problems originating from hardware and software troubles. For this reasons, we developed a new diligence and indolence management system that the initial stage cost is moderate because it is needless to purchase a new server and to issue a new card, and the operation and management of the system is convenient because an RFID card reader communicates with a central administrative server in IDC(Internet Data Center) over internet for the diligence and indolence management.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.281-286
• /
• 2003

Nowadays, a patient's private medical data which is exposed to the outside world has a severe effect on not only the patient's private life but also his/her social activities and environment. So, it is important to securely protect the patient's private medical data from the illegal manipulation. This paper studies the method to store the electronic prescription information in an IC card. For that, an access control for users, such as a doctor, a nurse, a medical institute member, a pharmacy, a pharmacist, or a patient, is proposed to access the data stored in an IC card. The certificate is issued using the Crypto API of a certificate management model supported by Windows 2000. The public/private key is created by the Cryptographic Service Provider program, and the electronic prescription is signed using the digital signature. The proposed system, therefore, can improve the quality of medical services by securing the safety and integrity of the electronic prescription, stored in an IC card.

• Journal of Internet Computing and Services
• /
• v.16 no.3
• /
• pp.13-20
• /
• 2015

This paper proposes a Near Field Communication (NFC) communication system that exchanges information of digital business cards efficiently for many to many communication to solve inconvenience of one-to-one communication when people exchanges business cards each other in meetings such as conference, forum, seminar. The proposed system can provide people to exchange contact information one-to-one as well as multiple members at once using a digital business card system that consists a server and a database based on NFC communication. The system has been developed to collect business card information from a NFC reader and to transfer it directly to a smartphone application effectively. The system can manage business card information with the application effectively and provide security in order to prevent from leakage of private information when transferring contact data.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.4 no.3
• /
• pp.182-188
• /
• 2011

Recently Yoon et al. proposed the remote user authentication scheme using smart cards. But their scheme has not satisfied security requirements which should be considered in the user authentication scheme using the password based smart card. In this paper, we prove that Yoon et al.'s scheme is vulnerable to a password guessing attack in case that the attacker steals the user's smart card and extracts the information from the smart card. Accordingly, this paper proposes the improved user authentication scheme based on the hash functin and random nonce that can withstand various possible attacks including a password guessing attack. The result of comparative analysis demonstrates that the proposed scheme is more secure and efficient than Yoon et al.'s scheme, with a trivial trade-off to require just a few more exclusive-OR operations.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.11
• /
• pp.503-510
• /
• 2013

Recently, the rapid development of network technology has enabled people to use various services on the internet. However, the existing password-based user authentication system used in the internet environment requires a password table, which is a potential security threat as it could be leaked by an insider. To solve this issue, remote user authentication methods that do not require a user password table have been proposed. Regarding remote user authentication using a smart card in particular, various methods have been suggested to reduce expenses and to improve stability and efficiency, but the possibility of impersonation attacks and password-guessing attacks using information saved in a user's smart card still exist. Therefore, this study proposes a remote user authentication method that can safeguard against impersonation attacks and password guessing attacks, by analyzing weak points of conventional methods and creating a smart card's ID and password that are based on the user's ID and password.

• Proceedings of the IEEK Conference
• /
• 2004.08c
• /
• pp.540-543
• /
• 2004

Address Resolution Protocol (ARP) cache poisoning is a MAC layer attack that can only be carried out when an attacker is connected to the same local network as the target machines. ARP is not a new problem, but wireless network introduces a new attack point and more vulnerable to the attack. The attack on wireless network cannot be detected by current detection tool installed on wired network. In order to detect the ARP poisoning attack, there must be a ARP poisoning detection tool for wireless LAN environment. This paper proposes linux-based ARP poisoning detection system equipped with wireless LAN card and Host AP device driver

• The Journal of Society for e-Business Studies
• /
• v.6 no.3
• /
• pp.101-113
• /
• 2001

Security is very important in EC(Electronic Commerce) environment because exchanged information(that is transaction details, private data, charges data(card-no, accounts), etc) is various and is very sensitive. So, In this paper, we propose Secure-ReXpis(Reliable St excellent Xh3 Processing Infrastructure) System that transfer message and support Message Level Security(Encryption/Decryption and Digital Signature). And we implement Message Confidentiality Service, User Authentication ＆ Message Integrity Service and Non-Repudiation Service among the various Security Services. This system support XML message format and EDI message, WEB Data and Private Format Data, etc.

• ETRI Journal
• /
• v.31 no.4
• /
• pp.460-462
• /
• 2009

The emerging wireless networks require the design of new authentication protocols due to their dynamic nature and vulnerable-to-attack structure. Recently, Wu and others proposed a wireless authentication protocol which is claimed to be an improvement of the authentication protocol proposed by Lee and others which provides user anonymity. In this letter, we show that these protocols have a common flaw and that these protocols fail to provide user anonymity. We also propose a modification method to solve this problem.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.257-262
• /
• 2003

본 논문에서는 사용자만이 알고 있는 비밀번호와 그 사용자만이 소유하는 보안카드를 이용하여 계산된 변동비밀번호의 1회 입력만으로 비밀번호와 보안카드를 통합하여 동시에 확인함으로써 안전하게 사용자 인중을 할 수 있는 방법을 제시한다. 본 논문에서 제안하는 사용자 인중 시스템은 변동비밀번호의 1회 입력만으로 지식기반 인중의 비밀번호와 소유기반 인증의 보안카드를 동시에 확인하여 사용자 인중이 이루어지기 때문에 서버의 효율성을 증가시키며, 보안카드의 분실, 도난, 복제 둥에 따른 위험성과 비밀번호의 추측, 노출에 따른 위험성을 줄여 보다 안전한 사용자 인중 시스템을 구축할 수 있다. 또한 본 논문에서 제안하는 시스템은 현재 사용되고 있는 텔레뱅킹(폰뱅킹), 인터넷(PC)뱅킹, 증권 매매, 전자 결재 둥과 같은 기존의 비밀번호를 이용한 사용자 인중 시스템에 큰 교체 없이 적은 추가 비용으로 쉽게 적용하여 보다 안전한 인터넷과 금융 거래의 활성화에 기여할 수 있을 것이다.