• Title/Summary/Keyword: security token

Search Result 152, Processing Time 0.027 seconds

CMTO: An Inquiry into the Activation for Real Estate Security Token of the Digital Asset Hour (CMTO: 디지털 자산 시대의 부동산 토큰 증권 활성화 방안 연구)

  • Jeongmin Lee;Minhyuk Lee
    • Journal of Information Technology Services
    • /
    • v.22 no.4
    • /
    • pp.81-95
    • /
    • 2023
  • The emergence of Security Token has revolutionized the way assets are traded, bringing efficiency, transparency, and accessibility to the market. However, the Real Estate Security Token market faces challenges, particularly in terms of liquidity. The CMTO(Collateralized Mortgage Token Obligation) model addresses this issue by introducing a novel approach that combines the benefits of NFT(Non-Fungible Token), STO(Security Token Offering), and CMO(Collateralized Mortgage Obligation) techniques to enhance liquidity and promote investment in Real Estate Security Token. The CMTO framework functions by allowing DABS token investors to leverage their tokens as collateral for loans. These token-collateralized loans are pooled together and form the basis for issuing Sequential CMO named CMTO. The CMTO represent a diversified portfolio of token-collateralized loans, providing investors with options based on their financial goals and risk preferences. By implementing CMTO, the Real Estate Security Token market can overcome liquidity challenges, attract a broader range of investors, and unlock the full potential of digital assets in the real estate industry.

Vulnerability and Security Requirement Analysis on Security Token and Protection Profile Development based on Common Criteria Version 3.1 (보안토큰의 취약성/보안요구사항 분석 및 CC v3.1 기반 보호프로파일 개발)

  • Kwak, Jin;Hong, Soon-Won;Yi, Wan-Suck
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.2
    • /
    • pp.139-150
    • /
    • 2008
  • Recently, financial institutes and industrial companies are adopted to security token such as OTP, smart card, and USB authentication token and so on for secure system management and user authentication. However, some research institutes have been introduced security weaknesses and problems in security tokens. Therefore, in this paper, we analyses of security functions and security requirements in security token performed by analyses of standardization documents, trends, security problems, attack methods for security tokens. Finally, we propose a CC v.3.1 based security token protection profile.

Single Sign-On based Authentication System combined with Blockchain (블록체인을 활용한 Single Sign-On 기반 인증 시스템)

  • Im, Jihyeok;Lee, Myeongha;Lee, Hyung-Woo
    • Journal of Internet of Things and Convergence
    • /
    • v.4 no.2
    • /
    • pp.13-20
    • /
    • 2018
  • In this paper, we propose an authentication system that combines 'Single-Sign-On' and 'Token-based authentication' based on 'Block Chain' technology. We provide 'access control' function and 'integrity' by combining block-chain technology with single-sign-on authentication method and provided stateless self-contained authentication function using Token based authentication method. It was able to enhance the security by performing the encryption based Token issuance and authentication process and provided convenience of authentication to Web Server. As a result, we can provide token-based SSO authentication service efficiently by providing a convenient way to improve the cumbersome authentication process.

Improved Security for Fuzzy Fingerprint Vault Using Secret Sharing over a Security Token and a Server (비밀분산 기법을 이용한 보안토큰 기반 지문 퍼지볼트의 보안성 향상 방법)

  • Choi, Han-Na;Lee, Sung-Ju;Moon, Dae-Sung;Choi, Woo-Yong;Chung, Yong-Wha;Pan, Sung-Bum
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.1
    • /
    • pp.63-70
    • /
    • 2009
  • Recently, in the security token based authentication system, there is an increasing trend of using fingerprint for the token holder verification, instead of passwords. However, the security of the fingerprint data is particularly important as the possible compromise of the data will be permanent. In this paper, we propose an approach for secure fingerprint verification by distributing both the secret and the computation based on the fuzzy vault(a cryptographic construct which has been proposed for crypto-biometric systems). That is, a user fingerprint template which is applied to the fuzzy vault is divided into two parts, and each part is stored into a security token and a server, respectively. At distributing the fingerprint template, we consider both the security level and the verification accuracy. Then, the geometric hashing technique is applied to solve the fingerprint alignment problem, and this computation is also distributed over the combination of the security token and the server in the form of the challenge-response. Finally, the polynomial can be reconstructed from the accumulated real points from both the security token and the server. Based on the experimental results, we confirm that our proposed approach can perform the fuzzy vault-based fingerprint verification more securely on a combination of a security token and a server without significant degradation of the verification accuracy.

Implementation of Embedded Biometrics Technologies : A Case of a Security Token for Fingerprints (임베디드 생체 인식 기술 구현 : 지문 보안 토큰 사례)

  • 김영진;문대성;반성범;정용화;정교일
    • Journal of the Institute of Electronics Engineers of Korea CI
    • /
    • v.40 no.6
    • /
    • pp.39-46
    • /
    • 2003
  • Biometric technologies using biometric information like fingerprints features are in wide use for the secure user authentication in many services including log-in of computer systems, entrance ID and E-commercial security. Nowadays, biometric technologies are ported into small embedded systems like security tokens or smart cards due to the merit of being secure and automatic in comparison with the previous method in user authentication such as using a PIN. In this paper, the security token developed as an embedded system and tile user authentication system implemented and tested using fingerprints information are described. Communications between the security token and tile host are tested and verified with USB. And, execution time and runtime memory on tile security token board was measured and performance improvement was described. In addition, requisites for the transit from the security token to the match-on-card was mentioned.

Privacy Preserving User Authentication Using Biometric Hardware Security Module (바이오 보안토큰을 이용한 프라이버시 보호형 사용자 인증기법)

  • Shin, Yong-Nyuo;Chun, Myung-Geun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.2
    • /
    • pp.347-355
    • /
    • 2012
  • A biometric hardware security module is a physical device that comes in the form of smartcard or some other USB type security token is composed with biometric sensor and microcontroller unit (MCU). These modules are designed to process key generation and electronic signature generation inside of the device (so that the security token can safely save and store confidential information, like the electronic signature generation key and the biometric sensing information). However, the existing model is not consistent that can be caused by the disclosure of an ID and password, which is used by the existing personal authentication technique based on the security token, and provide a high level of security and personal authentication techniques that can prevent any intentional misuse of a digital certificate. So, this paper presents a model that can provide high level of security by utilizing the biometric security token and Public Key Infrastructure efficiently, presenting a model for privacy preserving personal authentication that links the biometric security token and the digital certificate.

Per-transaction Shared Key Scheme to Improve Security on Smart Payment System

  • Ahmad, Fawad;Jung, Younchan
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.8 no.1
    • /
    • pp.7-18
    • /
    • 2016
  • Several authentication methods have been developed to make use of tokens in the mobile networks and smart payment systems. Token used in smart payment system is genearated in place of Primary Account Number. The use of token in each payment transaction is advantageous because the token authentication prevents enemy from intercepting credit card number over the network. Existing token authentication methods work together with the cryptogram, which is computed using the shared key that is provisioned by the token service provider. Long lifetime and repeated use of shared key cause potential brawback related to its vulnerability against the brute-force attack. This paper proposes a per-transaction shared key mechanism, where the per-transaction key is agreed between the mobile device and token service provider for each smart payment transaction. From server viewpoint, per-transaction key list is easy to handle because the per-transaction key has short lifetime below a couple of seconds and the server does not need to maintain the state for the mobile device. We analyze the optimum size of the per-transaction shared key which satisfy the requirements for transaction latency and security strength for secure payment transactions.

Stateless Randomized Token Authentication for Performance Improvement of OAuth 2.0 MAC Token Authentication (OAuth 2.0 MAC 토큰인증의 효율성 개선을 위한 무상태 난수화토큰인증)

  • Lee, Byoungcheon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.6
    • /
    • pp.1343-1354
    • /
    • 2018
  • OAuth 2.0 bearer token and JWT(JSON web token), current standard technologies for authentication and authorization, use the approach of sending fixed token repeatedly to server for authentication that they are subject to eavesdropping attack, thus they should be used in secure communication environment such as HTTPS. In OAuth 2.0 MAC token which was devised as an authentication scheme that can be used in non-secure communication environment, server issues shared secret key to authenticated client and the client uses it to compute MAC to prove the authenticity of request, but in this case server has to store and use the shared secret key to verify user's request. Therefore, it's hard to provide stateless authentication service. In this paper we present a randomized token authentication scheme which can provide stateless MAC token authentication without storing shared secret key in server side. To remove the use of HTTPS, we utilize secure communication using server certificate and simple signature-based login using client certificate together with the proposed randomized token authentication to achieve the fully stateless authentication service and we provide an implementation example.

An Application Obfuscation Method Using Security Token for Encryption in Android (안드로이드 환경에서 보안 토큰을 이용한 앱 난독화 기법)

  • Shin, JinSeop;Ahn, Jaehwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.6
    • /
    • pp.1457-1465
    • /
    • 2017
  • With the growing of smart devices market, malicious behavior has gradually expanded its scope. Accordingly, many studies have been conducted to analyze malicious apps and automated analysis tools have been released. However these tools cause the side effects that the application protection tools such as ProGuard, DexGuard become vulnerable to analyzers or attackers. This paper suggests the protection mechanism to apply to the Android apps using security token, rather than general-purpose protection solutions that can be applied in malicious apps. The main features of this technique are that Android app is not properly loaded in the memory when the security token is abnormal or is not inserted and protected parts using the technique are not exposed.

Token-Based IoT Access Control Using Distributed Ledger (분산 원장을 이용한 토큰 기반 사물 인터넷 접근 제어 기술)

  • Park, Hwan;Kim, Mi-sun;Seo, Jae-hyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.2
    • /
    • pp.377-391
    • /
    • 2019
  • Recently, system studies using tokens and block chains for authentication, access control, etc in IoT environment have been going on at home and abroad. However, existing token-based systems are not suitable for IoT environments in terms of security, reliability, and scalability because they have centralized characteristics. In addition, the system using the block chain has to overload the IoT device because it has to repeatedly perform the calculation of the hash et to hold the block chain and store all the blocks. In this paper, we intend to manage the access rights through tokens for proper access control in the IoT. In addition, we apply the Tangle to configure the P2P distributed ledger network environment to solve the problem of the centralized structure and to manage the token. The authentication process and the access right grant process are performed to issue a token and share a transaction for issuing the token so that all the nodes can verify the validity of the token. And we intent to reduce the access control process by reducing the repeated authentication process and the access authorization process by reusing the already issued token.