• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.4
• /
• pp.1864-1876
• /
• 2016

Card-Not-Present (CNP) transactions taking place remotely over the Internet are becoming more prevalent. Cardholder authentication should be provided to prevent the CNP fraud resulting from the theft of stored credit card numbers. To address the security problems associated with CNP transactions, the use of a virtual card number derived from the transaction details for the payment has been proposed, instead of the real card number. Since all of the virtual card number schemes proposed so far are based on a password shared between the cardholder and card issuer, transaction disputes due to the malicious behavior of one of the parties involved in the transaction cannot be resolved. In this paper, a new virtual card number scheme is proposed, which is associated with the cardholder's public key for signature verification. It provides strong cardholder authentication and non-repudiation of the transaction without deploying a public-key infrastructure, so that the transaction dispute can be easily resolved. The proposed scheme is analyzed in terms of its security and usability, and compared with the previously proposed schemes.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.11 no.3
• /
• pp.507-513
• /
• 2007

In this paper, we propose an efficient authentication protocol based on certificateless signature scheme, which does not need anyinfrastructure to deal with certification of public keys, among the vehicles in Vehicular Ad-hoc Networks. Moreover, due to the characteristicsof VANET nodes (i.e., vehicles) that is fast and movement, the proposed protocol introduces the concept of interval signing key to overcome efficiently the problem of certificate revocation in traditional Public Key Infrastructure(PKI).

• Convergence Security Journal
• /
• v.12 no.6
• /
• pp.39-50
• /
• 2012

Battlefield management systems are operated by the Public Key Infrastructure (PKI) and cryptographic equipment is distributed through the personal delivery to the enemy has deodorizing prone to structure. In addition, Per person each battlefield management system (C4I) encryption key operate and authentication module to manage multiple encryption so, encryption key operating is restrictions. Analysis of the problems of this public key infrastructure(PKI), Identity-Based Cryptosystem(IBC) and Attribute-Based Cryptosystem(ABC) to compare construct the future of encrypt ion and authentication system were studied. Authentication method for the connection between the system that supports data encryption and secure data communication, storage, and communication scheme is proposed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.137-144
• /
• 2004

3GPP(3rd Generation Project Partnership)-WLAN(Wireless Local Area Network) interworking refers to the utilization of resources and access to services within the 3GPP system by the WLAN UE(User Equipment) and user respectively. The intent of 3GPP-WLAN Interworking is to extend 3GPP services and functionality to the WALN access environment. We propose an efficient mechanism for the setup of UE-initiated tunnels in 3GPP-WLAN interworking. The proposed mechanism is based on a secret key which is pre-distributed in the process of authentication and key agreement between UE and 3GPP AAA(Authentication, Authorization Accounting) server. Therefore it can avoid modular exponentiation and public key signature which need a large amount of computation in UE. Also the proposed scheme provides mutual authentication and session key establishment between UE and PDGW(Packet Data Gateway).

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.3
• /
• pp.57-66
• /
• 2006

In this paper. proposes Multi_Kerberos certification mechanism that improve certification service of based on PKINIT that made public in IETF CAT Working Group. This paper proposed to a certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, to get public key from DNS server by chain (CertPath) between realms by certification and key exchange way that provide service between realms applying X.509, DS/DNS of based on PKINIT, in order to provide regional services. This paper proposed mechanism that support efficient certification service about cross realm including key management. the path generation and construction of Certificate using Validation Server, and recovery of Session Key. A Design of Multi_Kerberos system that have effects simplify of certification formality that reduce procedures on communication.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.41-48
• /
• 2018

Until now, various studies on anti-phishing have been conducted. The most typical anti-phishing method is a method of collecting URL information of a phishing site in advance and then detecting phishing by comparing the URL of the visited site with the previously stored information. However, this blacklist-based anti-phishing method can not detect new phishing sites. For this reason, various anti-phishing authentication protocols have been proposed. but these protocols require a public key and a private key. In this paper, we propose a password-based mutual authentication protocol that is safe for phishing attacks. In the proposed protocol, the mutual authentication between the client and the server is performed through the authentication message including the password information. The proposed protocol is safe to eavesdropping attack because the authentication message uses the hash value of the password, not the original password, And it is safe to replay attack because different messages are used every time of authentication. In addition, since mutual authentication is performed, it is safe for man-in-the-middle attack. Finally, the proposed protocol does not require a key issuance process for authentication.

• Journal of Multimedia Information System
• /
• v.3 no.2
• /
• pp.13-20
• /
• 2016

Biometric authentication for account-based mobile payment continues to gain attention because of improvements on sensors that can collect biometric information. We propose an enhanced method for mobile payment security based on biometric authentication. In this mobile payment system, the communication between the user and the relying party is based on public key infrastructure. This method secures both the key and the biometric template in the user side using fuzzy vault biometric cryptosystems, which is based on non-random chaff point generator. In this paper, we consider an important process for the common fuzzy vault system, that is, the feature extraction method. We evaluate various feature extraction methods to enhance the accurate performance of the system.

• Journal of Korea Multimedia Society
• /
• v.7 no.9
• /
• pp.1282-1293
• /
• 2004

This paper proposes an asymmetric watermarking system using Public Key Infrastructure. The distinguishing characteristic of the proposed method connects between the two different techniques, cryptography technique and watermarking technique, by using the authentication technique. The connection between the two techniques are established based on the special qualities of each technique. Watermarks that are inserted into the digital contents consist of a digital signature described as an encrypted copyright information with the private key of a distributor or a copyright holder, and an authentication code. In the situation where the ownership of the digital contents has to be decided, authentication technique examines the data integrity of the digital contents based on an authentication and decides the ownership of the digital contents by examining whether it satisfies or not satisfies the integrity test. The formal case uses decryption method which compares the user defined copyright information, and the decrypted copyright information extracted from the watermark in the digital contents that are decrypted by distributors' public key The latter case determines the ownership by comparing the similarity between encrypted copyright information separated from the watermark that are extracted from the digital contents, and the user defined encrypted copyright information that are separated from the watermark The proposed method provides protection from the assault which attempts to identify or erase the encoding key.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.5
• /
• pp.986-992
• /
• 2003

In this paper we challenge the user Authentication using Kerberos V5 authentication protocol in WPKI environment. this paper is the security structure that defined in a WAP forum and security and watches all kinds of password related technology related to the existing authentication system. It looks up weakness point on security with a p개blem on the design that uses wireless public key-based structur and transmission hierarchical security back of a WAP forum, and a server-client holds for user authentication of an application level all and all, and it provides one counterproposal. Therefore, We offer authentication way solution that connected X.509 V3 with using WIM for complement an authentication protocol Kerberos V5 and its disadvantages.

• Review of KIISC
• /
• v.7 no.3
• /
• pp.77-98
• /
• 1997

암호화 기술의 확장성 측면에서 우수한 공개키 기반 하부구조(Public Key Infrastructure)는 전자 상거래 서비스에서 필요한 제반 인증 기술을 제공하고 있다. 공개키를 보증하는 기반 기술과 인증서의 안전한 사용 기술은 공개키 기반 전자 상거래의 기본 기술이다. 이러한 기본 기술 중에는 키 복구(Key Recovery) 및 비밀 분산(Secret Sharing) 기술이 포함되며 인증기관(Certificate Authority : CA)을 통한 키 관리 효율성 및 인증기관과 서비스 사용자간의 안전한 정보 교환 기술이 또한 요구된다. 본 논문에서는 인터넷 기반의 전자 상거래 시 사용되는 공개키 기반의 인증구조에 대하여 검토 분석한다.