DOI QR코드

DOI QR Code

핀테크 환경에서 보안 키패드와 생체인증을 이용한 1.5-factor 인증 기법

1.5-factor Authentication Method using Secure Keypads and Biometric Authentication in the Fintech

  • 문형진 (성결대학교 정보통신공학과)
  • Mun, Hyung-Jin (Dept. of Information & Communication Engineering, Sungkyul University)
  • 투고 : 2022.10.04
  • 심사 : 2022.11.20
  • 발행 : 2022.11.28

초록

핀테크 환경에서 스마트 폰을 이용한 금융거래가 활발하게 이루어지고 있다. 안전한 금융거래를 위해 사용자 인증 기술이 필수적이다. 기존 보안 키패드를 통한 PIN 인증은 입력 편리성이 좋지만, 보안성이 떨어지고 취약점이 존재한다. 생체인증 기법은 보안성이 안전하지만 오탐 및 미탐 인증 가능성이 있다. 이를 보완하기 위해 2-factor 인증을 사용한다. 본 논문에서는 생체인증 기법을 적용한 PIN 입력을 통해 편리성과 보안성을 높일 수 있는 1.5-factor 인증을 제안하고자 한다. 지문인증의 안정성과 2~4번의 PIN 입력을 통해 편리성을 제공하여 안전한 금융거래가 가능하다. 제안기법은 PIN 입력 시 생체인증을 동시에 수행하므로 PIN 입력할 때 터치하는 영역에 지문인식을 적용하는 방식이다. 보안이 요구되는 경우 높은 안전성이 요구되는 상황에서는 추가적인 PIN 입력을 통해 입력 편리성을 보장하면서 사용자 인증을 수행하여 안전한 금융거래가 가능하다.

In the fintech field, financial transactions with smart phones are actively conducted. User authentication technology is essential for safe financial transactions. PIN authentication through the existing security keypads is convenient to input but has weaknesses in security and others. The biometric authentication technique is secure, but there is a possibility of false positive and false negative authentication. To compensate for this, two-factor authentication is used. In this paper, we propose the 1.5-factor authentication that can increase convenience and security through PIN input with biometric authentication. It provides the stability of fingerprint authentication and convenience of two or three PIN inputs, and this makes safe financial transaction possible. Since biometric authentication is performed at the same time when entering PIN, while security is required by applying fingerprint authentication to the area touched while entering PIN. The User authentication is performed while ensuring convenience to input through additional PIN input in situations where high safety is required, and Safe financial transactions are possible.

키워드

참고문헌

  1. B. S. Yu & S. H. Yun. (2011). The Design and Implementation of Messenger Authentication Protocol to Prevent Smartphone Phishing. Journal of the Korea Convergence Society, 2(4), 9-14. DOI : 10.15207/JKCS.2011.2.4.009
  2. D. Y. Kim & S. M. Cho (2015). A Proposal of Smart Phone App for Preventing Smishing Attack. Journal of Security Engineering, 12(3), 207-220. https://doi.org/10.14257/jse.2015.06.08
  3. S. H. Kim, M. S. Park. & S. J. Kim. (2014). Shoulder Surfing Attack Modeling and Security Analysis on Commercial Keypad Schemes. Journal of the Korea Institute of Information Security & Cryptology, 24(6), 1159-1174. DOI : 10.13089/JKIISC.2014.24.6.1159
  4. G. O. Baik, C. H. Lim & J. G. Shon. (2010). A Virtual Keyboard System for Preventing Keylogging. Journal of Security Engineering , 7(4), 319-334.
  5. C. J. Chae, H. J. Cho & H. M. Jung. (2018). Authentication Method using Multiple Biometric Information in FIDO Environment. Journal of Digital Convergence, 16(1), 159-164. DOI : 10.14400/JDC.2018.16.1.159
  6. J. S. Song, M. W. Chung, S. H. Seo & S. H. Lee. (2015). Security vulnerability analysis of Simple Mobile Payments Services. The Korea Information Processing Society Fall Conference, 22(2), 817-820.
  7. D. H. Lee, D. H. Bae, S. L Yoo, J. Y. Chae, Y. Lee & H. G. Yang. (2011). Analysis of safety in secure keypads for smartphone. Korea Institute of Information Security and Cryptology(KIISC) review,, 21(7), 30-37. http://www.earticle.net/Public/View/1/730205
  8. Y. H. Lee. (2013). An Analysis on the Vulnerability of Secure Keypads for Mobile Devices. Journal of Korean Society for Internet Information, 14(3), 15-21.
  9. H. J. Mun, S. Y. Kang & C. Shin.. (2020). Implementation of Secure Keypads based on Tetris-Form Protection for Touch Position in the Fintech. Journal of Convergence for Information Technology , 10(8), 144-151. DOI : 10.22156/CS4SMB.2020.10.08.144
  10. H.-J. Mun, (2022). Design for Position Protection Secure Keypads based on Double-Touch using Grouping in the Fintech. Journal of Convergence for Information Technology, 12(3), 38-45. DOI : 10.22156/CS4SMB.2022.12.03.038
  11. J. Song, M. W. Jung, J. I. Choi & S. H. Seo. (2018). Proposal and Implementation of Security Keypad with Dual Touch. KIPS Transactions on Computer and Communication Systems, 7(3), 73-80. DOI : 10.3745/KTCCS.2018.7.3.73
  12. H. J. Kim, H. J. Seo, Y. C. Lee, T. H. Park & H.W. Kim (2013). Implementation of virtual finace keypads with resistance for shoulder surfing attack. Korea Institute of Information Security and Cryptology (KIISC) review, 23(6), 21-29. http://www.earticle. net/Public/View/1/846895
  13. S. H. Lee, H. Kim, & D. H. Lee. (2013). Two-Factor Authentication Scheme based on Mobile Messenger with Improved Usability. Journal of Security Engineering , 10(5), 549-566. https://doi.org/10.14257/jse.2013.10.5.02