• Title/Summary/Keyword: Smart cards

Search Result 181, Processing Time 0.02 seconds

A Study on Smart-Card Based User Authentication (스마트카드 기반의 사용자 인증 기법에 관한 연구)

  • Lee, Jaeyoung
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.14 no.2
    • /
    • pp.27-33
    • /
    • 2018
  • User authentication scheme is a method for controlling unauthorized users' access to securely share the services and resources provided by the server and for verifying users with access rights. Initial user authentication scheme was based on passwords. Nowadays, various authentication schemes such as ID based, smart-card based, and attribute based are being researched. The study of Lee et al. suggested a user authentication scheme that provides forward secrecy and protects anonymity of users. However, it is vulnerable to attacks by outsiders and attackers who have acquired smart-cards. In this paper, we propose a modified smart-card authentication scheme to complement the weakness of the previous studies. The proposed user authentication scheme provides the security for the ID guessing attack and the password guessing attacks of the attacker who obtained the login request message and the user's smart-card.

A Remote User Authentication Scheme Preserving Anonymity and Traceability with Non-Tamper Resistant Smart Cards (정보추출 가능한 스마트카드 환경에서 익명성과 추적성을 제공하는 원격 사용자 인증 기법)

  • Kwon, Hyuck-Jin;Ryu, Eun-Kyung;Lee, Sung-Woon
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.50 no.6
    • /
    • pp.159-166
    • /
    • 2013
  • Recently, because the interest and needs in privacy protection are growing, smartcard-based remote user authentication schemes have been actively studied to provide the user anonymity. In 2008, Kim et al. first proposed an authentication scheme in order to ensure the user anonymity against both external attackers and the remote server and track malicious users with the help of a trusted trace sever. However, in 2010, Lee et al. showed that Kim et al.'s scheme cannot provide the user anonymity against remote server, which is because the server can trace users without any help of the trace server, and then proposed a improved scheme. On the other hand, in 2010, Horng et al. proposed an authentication scheme with non-tamper resistant smart cards, in which the non-tamper resistant smart card means that an attacker may find out secret information stored in the smart card through special data analysis techniques such as monitoring power consumption, to be secure against a variety of attacks and to provide the user anonymity against external attackers. In this paper, we will propose a remote user authentication scheme with non-tamper resistant smart cards not only to ensure the user anonymity against both external attackers and the remote server but also to track malicious users with only the help of a trusted trace sever.

A secure token-updated authentication scheme using security key (비밀키를 이용한 토큰 업데이트 보안 인증 기법)

  • Liang, Jun;Jang, In-Joo;Yoo, Hyeong-Seon
    • The Journal of Society for e-Business Studies
    • /
    • v.12 no.1
    • /
    • pp.89-97
    • /
    • 2007
  • Recently, a large number of authentication schemes based on smart cards have been proposed, using the thinking of OTP (one-time password) to withstand replay attack. Unfortunately, if these schemes implement on PCs instead of smart cards, most of themcannot withstand impersonation attack and Stolen-Verifier attack since the data on PCs is easy to read and steal. In this paper, a secure authentication scheme based on a security key and a renewable token is proposed to implement on PCs. A comparison with other schemes demonstrates the proposed scheme has following merits: (1) Withstanding Stolen-Verifier attack (2) Withstanding Impersonation attack (3) Providing mutual authentication; (4) Easy to construct secure session keys.

  • PDF

Current and Future Trends of Smart Card Technology (스마트카드형 교통 카드의 기술 및 미래 동향)

  • Lee, Jung-Joo;Shon, Jung-Chul;Yu, Sin-Cheol
    • Proceedings of the KSR Conference
    • /
    • 2008.06a
    • /
    • pp.535-544
    • /
    • 2008
  • Unlike MS(Magnetic Stripe), SMART CARD is equipped with COS(Chip Operating System) consisting of the Microprocessor and Memory where information can be stored and processed, and there are two types of cards according to the contact mode; the contact type that passes through a gold plated area and the contactless one that goes through the radio-frequency using an antenna embedded in the plastic card. the contactless IC card used for the transportation card was first introduced into local area buses in Seoul, and expanded throughout the country so that it has removed the inconvenience such as possession of cash, fare payment and collection. Focusing on the Seoul metropolitan area in 2004, prepaid and pay later cards were adopted and have been used interchangeably between a bus and subway. The card terminal compatible between a bus and subway is Proximity Integrated Circuit Card(PICC) as international standards(1443 Type A,B), communicates in the 13.56MHz dynamic frequency modulation-demodulation system, and adopts the Multi Secure Application Module(SAM). In the second half of 2009, the system avaliable nationwide will be built when the payment SAM standard is implemented.

  • PDF

A Practical Off-line Electronic Cash System on Smart Cards Achieving Untraceability, Divisibility, and Transferability

  • Chung, Ho-Suk;Lee, Pil-Joong-
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 1994.11a
    • /
    • pp.51-66
    • /
    • 1994
  • A divisible off-line electronic cash system based on cut-and-choose has first been proposed by [OO91] and recently more efficient single term divisible cash system was presented in [EO94] which is based on Brand's scheme [Bra93]. In this paper, we present a different type of single term divisible electronic cash system which is more efficient than previously proposed systems such as [OO91], [YLR93], and [EO94] in the standpoint of the amount of communication, the number of modular multiplications required in the payment transactions, and the storage requirement in the withdrawal protocol. Our scheme is a modified version of [LL93], where the major improvement has been made in its withdrawal transaction to introduce untraceability and multi-spendability. We have borrowed the idea of the withdrawal protocol of our scheme from [EO94] with minor modifications. Transferability in our scheme allows only a finite number of transfer. Our scheme satisfies an the desirable properties of an electronic cash system such as untraceability, divisibility and transferability. In addition, we present a n-spendable cash. The basic idea of extension to multi-spendability has been borrowed from [Bra93] with minor modifications.

  • PDF

Design of hardware module to process contactless protocol for IC card system (IC카드 시스템을 위한 비접촉 프로토콜 처리모듈 설계)

  • Jeon, Yong-Sung;Park, Ji-Mann;Ju, Hong-Il;Jun, Sung-Ik
    • Proceedings of the KIEE Conference
    • /
    • 2003.11c
    • /
    • pp.713-716
    • /
    • 2003
  • In recent, the contactless IC card is widely used in traffic, access control system and so forth. Contactless smart cards use a technology that enables card readers to provide power for transactions and communications without making physical contact with the cards. Usually electromagnetic signal is used for communication between the card and the reader. Contactless card is highly suitable for large quantity of card access and data transaction. And its use becomes a general tendency more and more because of the development of RF technology and improvement of requirement for user convenience. This paper describes the hardware module to process contactless protocol for implementation contactless IC card. And the hardware module consists of specific digital logic circuits that analyze digital signal from analog circuit and then generate data & status signal for CPU, and that convert the data from CPU into digital signal for analog circuit.

  • PDF

Multilateral Analysis on the Implementation of Electronic Resident Registration Cards (전자주민증 도입에 따른 다각적인 분석)

  • Lee, Young Gyo;Ahn, Jeong Hee
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.5 no.2
    • /
    • pp.109-121
    • /
    • 2009
  • As our society is changed to the information & digital society based on the internet, the requirement that the analog certificate of Korean residence is changed to digital one is increased. The Korean Government selected the smart card of 72 KB for the digital certificate of Korean residence and try to insert the personnel information of 41 items to it. The method that the numerous personnel information is stored in one smart card is convenience to use. If the certificate of residence is lost, the number of personnel information is misused or spreaded thorough the Internet by the hacking. In this paper, we analyze the problem about the digital certificate of Korean residence and propose the countermeasure about the problem. In the proposal, the digital certificate of residence have only the certificate. Therefore, the size of the smart card is minimized and can be canceled at the loss of the certificate of residence. And the exposure worry of personnel information will be decreased.

Contactless Smart Card as a Cache for Geocaching

  • Burda, Karel
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.7
    • /
    • pp.205-210
    • /
    • 2021
  • In this paper, the possibility of using a contactless smart card as a cache for geocaching is analyzed. Geocaching is an outdoor game in which players search for hidden boxes, or caches based on geographical coordinates. The problems with this game are the possibility of players cheating and the need to maintain the caches. And then there is the problem of the ignorant public accidentally discovering a cache and considering it an explosive device. This paper proposes a concept for a possible solution to the above problems by replacing the boxes with conventional contactless smart cards. Also, this concept makes geocaching more attractive by using various games. This paper proposes a system architecture as well as the cryptographic protocol required for secure communication between the player's smartphone and the card.

Electronic Payment Systems : A Framework for Comparative Analysis (전자지불시스템의 비교분석을 위한 프레임웤)

  • Kim, Chang-Su;Hong, Il-You
    • Asia pacific journal of information systems
    • /
    • v.8 no.3
    • /
    • pp.147-163
    • /
    • 1998
  • Advances in information and telecommunications technology are producing unprecedented shifts in the way businesses conduct their business, Today, electronic commerce is becoming pervasive due to, in large part, the widespread use of Internet and Worldwide Web. One element that plays an important role in shaping the success of electronic commerce is the electronic payment system. Deficiency in its reliability and security may lead to unwanted outcomes, including economic losses and customer dissatisfaction. By far, numerous forms of electronic payment systems have been introduced in the virtual marketplace. However, there exists little research that has focused on the characteristics of the electronic payment systems such that they may be compared with one another. This article is aimed at providing a framework for comparative analysis of electronic payment systems, examining the characteristics of the individual payment systems, and suggesting a choice strategy which enables a firm to select an appropriate payment system suited to their business needs. The framework classifies electronic payment systems into four categories including electronic cash, electronic checks, credit cards, and smart cards, and it can be employed in planning for an electronic commerce system.

  • PDF

Cryptanalysis and Enhancement of the An's Remote User Authentication Scheme using the Smart Cards (스마트카드를 이용한 An의 원격 사용자 인증 스킴의 안전성 분석 및 개선)

  • Shin, Seung-Soo;Han, Kun-Hee
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.12 no.10
    • /
    • pp.4612-4617
    • /
    • 2011
  • Hsiang-Shin proposed a user authentication scheme which was created by improving Yoon's scheme. Afterwards, An showed the failure to meet security requirements which are considered in user authentication using password-based smart card in Hsiang-Shih-suggested scheme. In other words, it was found that an attacker can steal a user's card, and detect a user's password by temporarily accessing it and extracting the information stored in it. However, An-proposed scheme also showed its vulnerability to password-guessing attack and forgery/impersonation attack, etc. and thus, this paper proposed the improved user authentication scheme. The proposed authentication scheme can thwart the password-guessing attack completely and this paper proposed scheme also includes an efficient mutual authentication method that can make it possible for users and authentication server to certify the other party.