• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.2
• /
• pp.289-298
• /
• 2016

Though, thanks to NPKI(National Public Key Infrastructure), the Korean secure Internet transaction environment has been rapidly grown in the last decade, it also faces with several problems, which need to be solved in near future, mainly resulted from the lack of openness and compatability of the NPKI-based environment which is operating in a closed way. It is believed that those problems of the NPKI can be solved when it is implemented to be based on the SSL/TLS, an international standard for web-based secure Internet transactions. The transition to the SSL/TLS-based NPKI needs to be performed so that the advantages of current NPKI are well maintained. The purpose of this paper is to comparatively analyze the NPKI and the SSL/TLS so as to give basic idea of implementing the current NPKI to be based on the SSL/TLS. The analysis will show not only how the SSL/TLS-based NPKI can improve current NPKI but also how the advantages of current NPKI can be maintained by the SSL/TLS-based NPKI.

• Proceedings of the CALSEC Conference
• /
• 1998.10a
• /
• pp.301-312
• /
• 1998

◆ 전자상거래 프로토콜 ㆍ IKP (Internet Keyed Payment) IBM ㆍ SEPP (Secured Electronic Payment Protocol) : 개방형 표준을 제공하는 최초의 다자간 프로토콜 ㆍ SET (Secure Electronic Transaction) - 인터넷과 같은 네트워크 상에서 안전한 신용카드 거래를 위한 기술사양 - RSA 데이터 보안회사의 암호화 기술에 기초 - 상호운영성(interoperability) 보장(중략)

• Proceedings of the CALSEC Conference
• /
• 2001.08a
• /
• pp.165-176
• /
• 2001

* Extension of EC(Electronic Commerce) * Standard of Message -EDI : UN/EDIFACT, ANSI X12, etc -XML : ebXML, CML, MathML, WIDL, etc * Various of Information -Business Transaction Data -Private Data : ID, Password, Personal Information -Charge Data : Accounts, Card, etc * Message Level Security(omitted)

• Proceedings of the Korean Institute of Communication Sciences Conference
• /
• 2004.11a
• /
• pp.454-454
• /
• 2004

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.673-675
• /
• 2002

기존의 SET은 전자서명(digital signature), 데이터 암호화(data encryption), 전자 봉투(digital envelope)로 구성되어 있으며, RSA, SHA, DES를 사용하여 프로토콜을 구현하는데, 본 논문은 ECC의 공개키와 개인키를 이용하여 암호 강도가 강화된 대칭키 알고리즘을 제안하고 SET의 전자 봉투를 생략한 SSET를 제안하고 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.3
• /
• pp.1231-1245
• /
• 2015

People have transferred their business model from traditional commerce to e-commerce in recent decades. Both shopping and payment can be completed through the Internet and bring convenience to consumers and business opportunities to industry. These trade techniques are mostly set up based on the Secure Sockets Layer (SSL). SSL provides the security for transaction information and is easy to set up, which makes it is widely accepted by individuals. Although attackers cannot obtain the real content even when the transferred information is intercepted, still there is risk for online trade. For example, it is impossible to prevent credit card information from being stolen by virtual merchant. Therefore, we propose a new mechanism to solve such security problem. We make use of the disposable dynamic security code (DSC) to replace traditional card security code. So even attackers get DSC for that round of transaction, they cannot use it for the next time. Besides, we apply visual secret sharing techniques to transfer the DSC, so that interceptors cannot retrieve the real DSC even for one round of trade. This way, we can improve security of credit card transaction and reliability of online business. The experiments results validate the applicability and efficiency of the proposed mechanism.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.41 no.5
• /
• pp.25-32
• /
• 2004

An anti-fraud system that utilizes association rules of fraud as well as AFS (Anti Fraud System) for credit card payments in e-commerce is proposed. The association rules are found by applying the data mining algorithm to millions of transaction records that have been generated as a result of orders on goods through the Internet. When a customer begins to process an order by using transaction components of a secure messaging protocol, the degree of risk for the transaction is assessed by using the found rules. More credit information will be requested or the transaction is rejected if it is interpreted as risky.

• Journal of the Korean Data and Information Science Society
• /
• v.20 no.1
• /
• pp.125-137
• /
• 2009

Smart card has a small sized micro computer chip. This chip contains processor, RAM, ROM, clock, bus system and crypto-co-processor. Hence it is more expensive, complicated and secure chip compared with RFID tag. The main application area of smart card is e-banking and secure communications. There are two kinds of smart card platforms; open platform and closed one. Java card is the most popular open platform because of its security, platform independency, fast developing cycle. However, the speed of Java card is slower than other ones, hence there have been hot research topics to improve the performance of Java card. In this paper, we propose an efficient transaction buffer management to improve the performance of Java card. The experimental result shows the advantage of our method.

• Journal of Internet Computing and Services
• /
• v.9 no.6
• /
• pp.73-79
• /
• 2008

Nowadays, all over the world's banks use internet banking through various authentication methods. Although there are strong authentication methods using OTP (One Time Password), there still has vulnerability from sophisticated attacks such as MITM (Man In The Middle). This letter proposes signing-based authentication protocol that copes with attacks, such as MITB (Man In The Browser), and provides non-repudiation function. The protocol shows generic method to prevent the sophisticated attacks through connecting advantages from OTP and PKI (Public Key Infrastructure) certificate, and that can be deployed to various extended form in internet banking.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.2C
• /
• pp.348-353
• /
• 2004

Development of an efficient and secure payment system is prerequisite for the construction of electronic payment mechanism in mobile environment. Since current PayWord protocol system generates vendor's certificate for each transaction, it requires lot of operation for transaction. In this paper, we use a session key generated by ID-based tripartite Key agreement protocol which use an Elliptic Curve Cryptosystem over finite field $F_{q}$ for transactions. Therefore, our protocol reduces algorithm operations. In particular, proposed protocol using ID-based public key cryptosystem has the advantages over the existing systems in speed and it is more secure in Man-in-the-middle attacks and Forward secrecy.