A Study of the Cross Certification in Internet Banking

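  • Young-Gyo Lee (Department of Internet Information, Seoil University)
  • Jeong-Hee Ahn (Department of Smartphone Contents, Doowon Technical University)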
  • Received : 2014.06.03
  • Accepted : 2014.06.23
  • Published : 2014.09.30


Pharming is a fraud in which an attacker steals a customer's financial information during Internet banking. First, the attacker secretly installs malicious code on the customer's PC. When the customer tries to connect to an Internet banking Web site, the malicious code redirects Internet Explorer to a phishing site. The attacker captures the customer's financial information during the Internet banking session, then uses the stolen information to take money from the customer's bank account. PKI is a widespread and strong technology for providing security using public key techniques. The main idea of PKI is the digital certificate, a digitally signed statement binding a user's identity information to his public key. Internet banking services are built on PKI. However, in present Internet banking the bank is trusted implicitly and only the customer is certified. In this paper, we propose a method of cross certification in Internet banking. In the proposed method, the customer certifies the bank and the bank certifies the customer. The method can provide customers with Internet banking that is secure against pharming attacks. We compare the proposed method with other methods.


