A Study on Secure Mobile Payment Service for the Market Economy Revitalization

Korean title (translated): A Study on Secure Mobile Electronic Payment Methods for Market Economy Revitalization

  • Kim, Hyung-Uk (Department of Computer Science and Engineering, Soongsil University) ;
  • Jung, Yong-Hoon (Department of Computer Science and Engineering, Soongsil University) ;
  • Jun, Moon-Seog (Department of Computer Science and Engineering, Soongsil University)
  • Received : 2016.12.14
  • Accepted : 2017.03.10
  • Published : 2017.03.31

Abstract

Recently, there has been a lot of ongoing research regarding financial transactions and payments due to the emergence of financial technology (FinTech). Payments have been processed through cash and credit cards, and payment methods have been simplified and made more convenient with mobile payment via mobile cards and mobile phones. This study offers a new mobile payment method that uses a mobile phone instead of a card reader or terminal. For payments, authentication is processed with the user's biometrics and a built-in fingerprint scanner, and the payment is processed after receiving an authentication code issued by the authorizing institution to confirm the user's identity. User biometrics and payment information are secured against malicious attackers by saving them in a Fast Identity Online (FIDO) Trusted Execution Environment (TEE) section in the smartphone. Regarding key security, every key is created inside the FIDO TEE section, providing secure mobile payment by neutralizing various malicious attacks, including sniffing and man-in-the-middle attacks.

Korean abstract (translated): Recently, with the growth of FinTech, a great deal of research and development related to financial transactions and payments is actively under way. Payment for purchased goods is made by various methods, including cash and cards, and recently payment methods have become faster and simpler, such as payment through mobile cards and simple mobile-phone payment. The proposed mobile electronic payment scheme allows a user to pay with a mobile phone without an existing card reader or card terminal. At payment time, the user's biometric information is captured through the fingerprint scanner built into the smartphone and identity verification is performed first; then, to confirm both users before payment, an authentication code issued by an authorized institution is transmitted and verified, and the payment is made. The user's biometric information and payment-related information are stored in the secure FIDO TEE area inside the smartphone, securing them against malicious users. In terms of key security, all key generation takes place in the FIDO TEE area, and by neutralizing various attack methods such as sniffing and man-in-the-middle attacks, a secure mobile electronic payment service is provided.
