• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.37 no.1
• /
• pp.60-66
• /
• 2000

This paper proposes a design of phone card IC with the self-test features and the hardware and software security functions. We design and verify the proposed functions with modeling the terminal system environment. The proposed phone card IC provides instructions and a non-volatile memory block containing the manufacturer / issuer / user information, the unit (money) value, and the security key. The self-test functions are designed to improve the test time degradation due to a serial I/O communication. Also some security features are implemented using hardware and software approaches.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1027-1036
• /
• 2014

In 2012, Sonwanshi et al. suggested an efficient smar card based remote user authentication scheme using hash function. In this paper, we point out that their scheme is vulnerable to offline password guessing attack, sever impersonation attack, insider attack, and replay attack and it has weakness for session key vulnerability and privacy problem. Furthermore, we propose an improved scheme which resolves security flaws and show that the scheme is more secure and efficient than others.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1337-1344
• /
• 2012

This paper analyzed electronic transaction systems of social commerce service which have rapidly grown recent days, and as a result found that most of the electronic transaction systems of social commerce service had payment amount modification issue. This paper proposes a method for solving the payment amount modification issue. The proposed method adds an authentication process between servers of social commerce service provider and payment-gateway company. The added authentication process prohibits user getting involved in payment procedure, and thus prevents payment amount modification.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.12
• /
• pp.4962-4967
• /
• 2010

Security of the electronic commercial transaction especially through the information communication network is gaining its significance due to rapid development of information and communication related fields. For that, some kind of cryptographic algorithm is already in use for the smart card. However, the growing needs of handling multimedia and real time communication bring the smart card into more stringent use of its resources. Therefore, we proposed a key scheduler block of the smart card to facilitate multimedia communication and real time communication.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.3-14
• /
• 1999

In this paper, the Client-Server authentication system is proposed and implemented using the smart card on the internet. Based on the MPCOS-3DES smart card manufactured by GEMPLUS, three phases of authentication using the challenge-response mechanism are performed, which includes user-card authentication, client-server authentication, and card-server authentication.

• Asia pacific journal of information systems
• /
• v.22 no.1
• /
• pp.53-77
• /
• 2012

Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

• The Journal of Korean Association of Computer Education
• /
• v.10 no.3
• /
• pp.57-66
• /
• 2007

E-mail system is considered as a most important communication media, which can be used to transmit personal information by internet. But e-mail attack also has been increased by spoofing e-mail sender address. Therefore, this work proposes sender verification faculty for spam mail protection at sender's MTA by using security card for protection forged sender and also for authenticating legal sender. Sender's mail MT A requests security card's code number to sender. Then sender input code number and generate session key after sender verification. Session key is used to encrypt sender's signature and secure message transmission. This work can provide efficient and secure e-mail sender authentication with sender verification and message encryption.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.1
• /
• pp.81-87
• /
• 2014

Password-based authentication using smart card provides two factor authentications, namely a successful login requires the client to have a valid smart card and a correct password. While it provides stronger security guarantees than only password authentication, it could also fail if both authentication factors are compromised ((1) the user's smart card was stolen and (2) the user's password was exposed). In this case, there is no way to prevent the adversary from impersonating the user. Now, the new technology of biometrics is becoming a popular method for designing a more secure authentication scheme. In terms of physiological and behavior human characteristics, biometric information is used as a form of authentication factor. Biometric information, such as fingerprints, faces, voice, irises, hand geometry, and palmprints can be used to verify their identities. In this article, we review the biometric-based authentication scheme by Cheng et al. and provide a security analysis on the scheme. Our analysis shows that Cheng et al.'s scheme does not guarantee any kind of authentication, either server-to-user authentication or user-to-server authentication. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, on Cheng et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Cheng et al.'s scheme.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2006.05a
• /
• pp.183-186
• /
• 2006

It is studied the implementation possibility of some encryption algorithms which meet the performance requirements in the smart card used in the TETRA system End-to-End Encryption. It is measured the operation time of the algorithm in the smart card which has 32 bit smart card controller made by Samsung Electronics. The algorithms used in the performance comparison are AES, ARIA, 3DES, SEED, IDEA which are the domestic or international standards. The input and output time of the smart card are measured using the smart card protocol analyzer. The pure algorithm operation time is calculated by the repeated algorithm operations. This measurement results can be used as the criteria for the selection of algorithm which will be used in the TETRA End-to-End encryption system. The algorithm which has better performance can be used for the implementation of additional functions in the smart lard, because of the enough time margin.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.2 no.2 s.3
• /
• pp.31-42
• /
• 2003

Prepaid plastic card issued by Korea Highway Company had a lot of problems in end-user usage and management. HipassPLUS Card, which is a smart card used for a prepaid electronic payment, overcomes the problems of Prepaid Plastic card. HipassPLUS Card is also designed be compatible to other cards such as public transportation card. Thus, for the safety of using the card in such environment, the functionality and the security of HipassPLUS card should be faultless. This paper developed a test module including the test method, the test checklist, and the test procedure to examine the functionality and security of the payment mechanism of HipassPLUS card. The test module contains the method and the procedure to test the standard items according to the test checklist of HipassPLUS card. The test items and the test checklist of HirassPLUS card was selected under the provision of the specification of Korea Highway Company and ISO standard. The results of evaluation on HipassPLUS card using the proposed test module indicates that 4he HipassPLUS card satisfied the criteria under the characteristics of the functionality, security, and compatibility.