• Title/Summary/Keyword: credit authentication

Search Result 49, Processing Time 0.022 seconds

Responsibility and Credit: New Members of the Authentication Family? (인증 프로토콜과 Responsibility/Credit 개념에 관한 고찰)

  • Park, Dong-Gook
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.5
    • /
    • pp.105-114
    • /
    • 2005
  • There are several goals or properties which authentication protocols may have; some of them are key freshness, far-end aliveness, key confirmation, etc. Most of them have extensively been discussed and studied so far in the literature. 'Responsibility' and 'credit', which were first raised by Abadi as additional goals, received quite an exceptional treatment; there were little response from researchers about these new goals. It is surprising to see that these two properties have slipped through any investigation, successfully achieving the positions as the goals for authentication protocols. In this paper, we investigate these two new properties and their relations to authentication protocols, and answers to the question: what brings us credit and responsibility.

Implementation of Mobile IPv6 Fast Authorization for Real-time Prepaid Service (실시간 선불 서비스를 위한 모바일 IPv6 권한검증 구현)

  • Kim Hyun-Gon
    • Journal of Internet Computing and Services
    • /
    • v.7 no.1
    • /
    • pp.121-130
    • /
    • 2006
  • In next generation wireless networks, an application must be capable of rating service information in real-time and prior to initiation of the service it is necessary to check whether the end user's account provides coverage for the requested service. However, to provide prepaid services effectively, credit-control should have minimal latency. In an endeavor to support real-time credit-control for Mobile IPv6 (MIPv6), we design an implementation architecture model of credit-control authorization. The proposed integrated model combines a typical credit-control authorization procedure into the MIPv6 authentication procedure. We implement it on a single server for minimal latency. Thus, the server can perform credit-control authorization and MIPv6 authentication simultaneously. Implementation details are described as software blocks and units. In order to verify the feasibility of the proposed model. latency of credit-control authorization is measured according to various Extensible Authentication Protocol (EAP) authentication mechanisms. The performance results indicate that the proposed approach has considerably low latency compared with the existing separated models, in which credit-control authorization is separated from the MIPv6 authentication.

  • PDF

A Reform Measure of the Structure and Transaction Process for the Safety Improvement of a Credit Card (신용카드의 안전성 향상을 위한 구조 및 거래절차 개선방법)

  • Lee, Young Gyo;Ahn, Jeong Hee
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.7 no.3
    • /
    • pp.63-74
    • /
    • 2011
  • Credit cards are more convenient than cash of heavy. Therefore, credit cards are used widely in on_line (internet) and off_line in nowadays. To use credit cards on internet is commonly secure because client identification based security card and authentication certificate. However, to use in off_line as like shop, store, department, restaurant is unsecure because of irregular accident. As client identification is not used in off_line use of credit cards, the irregular use of counterfeit, stolen and lost card have been increasing in number recently. Therefore, client identification is urgently necessary for secure card using in off_line. And the method of client identification must be simple, don't take long time, convenient for client, card affiliate and card company. In this paper, we study a reform measure of the structure and transaction process for the safety improvement of a credit cards. And we propose several authentication method of short-and long-term for client identification. In the proposal, the client authentication method by OTP application of smart-phone is efficient nowadays.

Implementation of a Credit Authentication System (전자상거래에서 상점에 대한 신용 보증 시스템 구현)

  • 백기영
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.9 no.2
    • /
    • pp.37-48
    • /
    • 1999
  • The Internet has been used as the academic researching purposes. Nowadays accordance with improving and being familiar with the World-Wide Web Many people are giving it a try to use the Internet as commerce markets. The noticeable example of internet-based use of the commerce is the Internet shopping mall. Using the WWW companies exhibit their products and users select the ones and take the payment for ones in the on-line Increasing the the Internet shopping mall there needs to be the countermeasure that companies and clients must verify each other. In this paper there are explained the development credit authentication system of the Internet shopping mall and the construction of the trusted environment clients can use Internet shopping mall. That is to develop the credit authentication system the credit-rating of Internet shopping mall can be sent securely and easily to clients and the information of credit-ranting cannot be eavesdropped.

A Study on Authentication Process in Smartphone Electronic Financial Services (스마트폰 전자금융서비스에서의 인증과정에 관한 연구(앱카드를 중심으로))

  • Kim, Hanwoo;Lee, Keun Young;Lim, Jong In;Kwon, Hun Yeong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.3
    • /
    • pp.579-590
    • /
    • 2018
  • In May 2014, AppCard(Which is a smartphone application designed to register and use a credit card in a mobile phone by credit card company.) was attacked by smshing and a vulnerability which could not obtainable phone number. After that, credit card companies have supplemented and operated by introducing additional authentication methods to supplement the vulnerability. However, The analysis of the authentication environments, purposes and methods is not enough to lower the level of vulnerability and risk from existing accidents. This study analyzes the authentication process of the AppCard in the electronic financial service by applying the NIST's authentication guidelines, identifies the problems and suggests improvement directions. The method analyzed in this study can be applied to the analysis of the authentication method in addition to the application card, so that it will be highly utilized.

Public Key based Virtual Credit Card Number Payment System for Efficient Authentication in Card Present Transaction (대면거래환경에서 효율적인 인증을 위한 공개키 기반의 가상카드번호 결제 기법)

  • Park, Chan-ho;Park, Chang-seop
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.1175-1186
    • /
    • 2015
  • Financial fraud has been increasing along with credit card usage. Magnetic stripe cards have vulnerabilities in that credit card information is exposed in plaintext and cardholder verification is untrustworthy. So they have been replaced by a smart card scheme to provide enhanced security. Furthermore, the FinTech that combines the IT with Financial product is being prevalent. For that reason, many mobile device based payment schemes have been proposed for card present transaction. In this paper, we propose a virtual credit card number payment scheme based on public key system for efficient authentication in card present transaction. Our proposed scheme is able to authenticate efficiently in card present transaction by pre-registering virtual credit card number based on cardholder's public key without PKI. And we compare and analyze our proposed scheme with EMV.

A Study on the System of Risk Management in the Int'l Trade by Internet Network (인터넷무역위험(貿易危險)의 관리체계(管理體系)에 관한 고찰(考察))

  • Ha, Kang-Hun
    • THE INTERNATIONAL COMMERCE & LAW REVIEW
    • /
    • v.15
    • /
    • pp.239-261
    • /
    • 2001
  • There are many kinds of risk in int'l trade by internet network, such as credit risk, mercantile risk, contingency risk, exchange risk, physical risk and the risk on internet network. Especially, risk management against credit risk and the risk on internet network are very important. The former is conventional but more important these days. The latter is a new risk that has been incurred owing to the int'l trade by internet network. The system of risk management against the former are firstly, to surely research credit of counterpart by internet, secondly, to certify the entity by password or fingerprint, thirdly, to pay the price under a letter of credit, fourthly, to use the system of int'l trade such as bolero, trade card, finally, to use the authority of electronic trade services. The system of risk management against the latter are firstly, to install the firewall on the own computer network, secondly, to entrust the management own computer network to the network security services firm, thirdly, to electronically communicate with counterpart through the certification authority, finally, to insure against the own network risk with the security insurance company.

  • PDF

A Secure Credit Card Transaction Method Based on Kerberos

  • Kim, Jung-Eun;Kim, Yoo-Hwan
    • Journal of Computing Science and Engineering
    • /
    • v.5 no.1
    • /
    • pp.51-70
    • /
    • 2011
  • This paper introduces a new credit card payment scheme called No Number Credit Card that can significantly reduce the possibility of credit card fraud. The proposed payment system is loosely based on Kerberos, a cryptographic framework that has stood the test of time. In No Number Credit Card, instead of card numbers, only payment tokens are exchanged between the customers and merchants. The tokens are generated based on the payment amount, payment type, client information, and merchant information. However, it does not contain the credit card number, so the merchant or a database hacker cannot acquire and illegally use any credit card numbers. The No Number Credit Card system is ideal for online e-commerce transactions and can be used with any credit card that users possess. It can be used with minor modifications to the current card payment system. We provide the principles of its operation through scenario analysis, a sample implementation, and a security analysis

A Study on Cooperation between Kerberos system and Credit-Control Server

  • Choi, Bae-Young;Lim, Hyung-Jin;Chung, Tai-Myoung
    • Proceedings of the Korea Society of Information Technology Applications Conference
    • /
    • 2005.11a
    • /
    • pp.281-284
    • /
    • 2005
  • Kerberos is system that offer authorization in internet and authentication service. Can speak that put each server between client and user in distributed environment and is security system of symmetry height encryption base that offer authentication base mutually. Kerberos authentication is based entirely on the knowledge of passwords that are stored on the Kerberos Server. A user proves her identity to the Kerberos Server by demonstrating Knowledge of the key. The fact that the Kerberos Server has access to the user's decrypted password is a rwsult of the fact that Kerberos does not use public key cryptogrphy. It is a serious disadvantage of the Kerbercs System. The Server must be physically secure to prevent an attacker from stealing the Kerberos Server and learning all of the user passwords. Kerberos was designend so that the server can be stateless. The Kerberos Server simply answers requests from users and issues tickets. This study focused on designing a SIP procy for interworking with AAA server with respect to user authentication and Kerberos System. Kerberos is security system of encryption base that offer certification function mutually between client application element and server application element in distributed network environment. Kerberos provides service necessary to control whether is going to approve also so that certain client may access to certain server. This paper does Credit-Control Server's function in AAA system of Diameter base so that can include Accounting information that is connected to Rating inside certification information message in Rating process with Kerberos system.

  • PDF

Cryptographically-Generated Virtual Credit Card Number for Secure Card-Not-Present Transactions

  • Park, Chan-Ho;Park, Chang-Seop
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.4
    • /
    • pp.1864-1876
    • /
    • 2016
  • Card-Not-Present (CNP) transactions taking place remotely over the Internet are becoming more prevalent. Cardholder authentication should be provided to prevent the CNP fraud resulting from the theft of stored credit card numbers. To address the security problems associated with CNP transactions, the use of a virtual card number derived from the transaction details for the payment has been proposed, instead of the real card number. Since all of the virtual card number schemes proposed so far are based on a password shared between the cardholder and card issuer, transaction disputes due to the malicious behavior of one of the parties involved in the transaction cannot be resolved. In this paper, a new virtual card number scheme is proposed, which is associated with the cardholder's public key for signature verification. It provides strong cardholder authentication and non-repudiation of the transaction without deploying a public-key infrastructure, so that the transaction dispute can be easily resolved. The proposed scheme is analyzed in terms of its security and usability, and compared with the previously proposed schemes.