• Journal of Convergence Society for SMB
• /
• v.6 no.2
• /
• pp.19-24
• /
• 2016

A Study on the Information Security System of Fin-Tech Business In traditional electronic commerce, there have not been severe issues of trading information through documents in paper or the closed EDI. The scale of e-commerce has increased as internet develops, however, turning to the online e-commerce, which caused a number of issues such as authentication, information forgery, and non-repudiation between the parties. To prevent conflicts from such troubles and perform the post management, security technologies are applied throughout the process of e-commerce, certificates intervening. Lately, meanwhile, FinTech has been creating a sensation around the mobile payment service. Incidents of information leakage from card corporations and hackings imply the need of securing safety of the financial service. Development and evolution of FinTech industry must be accompanied by information protection. Therefore, this research aims to inquire into the information security system of leading FinTech company in a foreign country.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.8B
• /
• pp.939-946
• /
• 2011

The Internet banking service provides convenience than the traditional offline services. However, it still causes a number of security problems including hacking. In order to strengthen security, the financial institutions have provided such authentication methods as the official authentication certificate, the security token, the security card and OTP. However, the incidents related to hacking have continuously occurred. Especially, various weak points have been suggested for the authentication methods in regard to such types of hacking as the memory hacking or the MITM attack. So I needed was a new authentication method. In this study, the two-channel authentication method which provide two-way authentication on the user's PC and mobile device when executing the electronic financial transactions in the Internet banking environment is suggested. Also, by analyzing it in comparison with other existing methods, it is possible to check that the prospects of safety and credibility are strengthened.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.1
• /
• pp.139-147
• /
• 2010

A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. In 2005, Liao et al. proposed a remote user authentication scheme using a smart card, in which users can be authenticated anonymously. Recently, Yoon et al. have discovered some security flaws in Liao et al.'s authentication scheme and proposed an improved version of this scheme to fix the security flaws. In this article, we review the improved authentication scheme by Yoon et al. and provide a security analysis on the scheme. Our analysis shows that Yoon et al.'s scheme does not guarantee not only any kind of authentication, either server-to-user authentication or user-to-server authentication but also password security. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, and an off-line dictionary attack on Yoon et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Yoon et al.'s scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.31-39
• /
• 2008

Recently, remote user authentication schemes using smart cards has been researched to provide user privacy because of increasing interest and demands. Previously, provided authentication schemes were only concerned about providing user privacy against outside attackers, but the scheme. which guarantees user privacy against both a remote server and outside attackers, has been recently demanded because the user's information has leaked out through the service providers. When the remote server perceives a user doing a malicious act, the server should be able to trace the malicious user by receiving help from a trust agency. In this paper, we suggest a scheme which not only guarantees user privacy against both a remote server and outside attackers, but also provides traceable anonymity authentication.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.11 no.2
• /
• pp.219-224
• /
• 2011

Recently increasing importance of information security, personal security is researched. Among them, biometrics research is very good at recognition and security particularly in terms of iris recognition. Recent hospital physicians and employees for access control is emphasized. But most of them, easy-employee card access control systems are used. It has difficulties of iris recognition on the issue of accurate iris recognition algorithm to eliminate noise and inaccuracy of pretreatment methods for recognition from existing research. Therefore, this paper complements existing encryption methods to the disadvantages of biometric iris recognition using high-access records in the hospital management system is applied. In addition to conventional pretreatment process to increase recognition eyebrows when mask line component added to the extraction mask, the correct preparation method, and accordingly proposed to improve the recognition of records management systems offer access to the hospital.

• Journal of the Korea Convergence Society
• /
• v.8 no.2
• /
• pp.9-14
• /
• 2017

A fingerprint is unique to each person and can be represented as a digital form. As the fingerprint is the part of human body, fingerprint recognition is much more easy to use and secure rather than using password or resident card for user authentication. In addition, as the newly released smart phones have built-in camera and fingerprint sensors, the demand for biometric authentication is increasing rapidly. But, the drawback is that the fingerprint can be counterfeited easily and if it's exposed to the hacker, it cannot be reused. Thus, the original fingerprint template should be transformed for registration and authentication purposes. Existing transformation functions use passcode to transform the original template to the cancelable form. Additional module is needed to input the passcode, so it requires more cost and lowers the usability. In this paper, we propose biometric authentication scheme that is economic and easy to use. The proposed scheme is consisted of cancelable biometric template creation, registration and user authentication protocols, and can control several security levels by configuring the number of fingerprints and scan times. We also analyzed that our scheme is secure against the brute-force attack and the active attacks.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.10
• /
• pp.2750-2759
• /
• 2009

In this paper, we analyze vulnerabilities in a remote authentication protocol using smartcards which was proposed by Bindu et al. and propose an improved scheme. The proposed scheme can prevent from restricted replay attack and denial of service attack by replacing time stamp with random number. In addition, this protocol can guarantee user anonymity by transmitting encrypted user's ID using AES cipher algorithm. The computational load in our protocol is decreased by removing heavy exponentiation operations and user efficiency is enhanced due to addition of password change phase in which a user can freely change his password. Furthermore, we really implement the proposed authentication protocol using a STM smartcard and authentication server. Then we prove the correctness and effectiveness of the proposed remote authentication system.

• Journal of Korea Multimedia Society
• /
• v.10 no.7
• /
• pp.902-911
• /
• 2007

GSM platform is a hugely successful wireless technology and an unprecedented story of global achievement. In less than ten years since the first GSM network was commercially launched, it became the world's leading and fastest growing mobile standard, using over 1 billion GSM subscribers across more than 200 countries of the world. GSM platform evolved into 3th generation mobile communication which includes not only voice call services but also the international roaming and various kinds of the multimedia services. GSM is an essential element techniques a safe data transmission and a personal private protection while support services. However, a crypto algorithm and a secure protocol for a safe data communication using GSM are indicating various kinds of problems. In this paper, we propose a more safer and more efficient authentication protocol in 3th generation network through analysis of GSM security mechanism of 2th/2.5th generation. This security protocol offers enforced security efficiency by using user verification between SIM/ME and reduction of authentication and key agreement step between SIM/ME/AuC.

• The KIPS Transactions:PartA
• /
• v.10A no.5
• /
• pp.433-438
• /
• 2003

To provede public services through Internet, there are several prerequisites such as security issue resolutions for public area installation and hardware support for authorized signatures etc. in addition to web-based system development. A kiosk-based system is a right solution for public services provision through Internet because a kiosk has hardware features supporting authorized signatures and also it can be installed at public area through Internet without security exposure, meeting security guidelines of National Intelligence Service. The process to provide public services through a koisk is that a client requests a kind of public services selecting menu through the kiosk, then the system issues a civil service documents after taking authentification and payment process. To support those kinds o processes it is required to support electronic payment using SMART card in addition to cash payment and to apply government standard security guidelines to protect administrative and personal information. This kiosk-based Internet public service system support and meet those all requirements.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.11
• /
• pp.966-971
• /
• 2013

This paper introduces development of a Military Entrance Control System using the developed military insignia UHF RFID tags. Generally, in the military entrance control system, the security identification (ID) card with HF RFID tag can be used, to increase the security level, the developed insignia UHF RFID tags are used in the enforced military entrance control system. The general metal insignias, have been worn on a hat or on the shoulder pads of a military uniforms, are simulated and developed as UHF RFID insignia tags. The military entrance control system can manage the name, rank, address (information of military personnel), time and date of entrance and the history of entrance of the security area.