http://dx.doi.org/10.13089/JKIISC.2017.27.2.373

Integrated Authentication Protocol of Financial Sector that Modified OAuth2.0

Jung, Kyu-Won (Sangmyung University)
Shin, Hye-seong (Sangmyung University)
Park, Jong Hwan (Sangmyung University)
Abstract
Currently, various user authentication methods based on public certificates are used in domestic financial transactions. Such an authorized-certificate method has the problem that a different security module must be installed every time a user connects to an individual financial company's web server. The financial companies relying on this authentication method also face the problem that a new security module must be installed for each financial institution whenever a next-generation authentication method such as biometric authentication is introduced. To solve these problems, we propose an integrated authentication system that handles user authentication on behalf of each financial institution in financial transactions, together with an integrated authentication protocol that handles secure user authentication between the user and the financial company's web server. The new authentication protocol is a modified version of OAuth2.0 that increases security and efficiency. It is characterized by performing a challenge-response protocol with a pre-shared secret key between the authentication server and the financial company's web server. This gives users a convenient and secure Single Sign-On (SSO) effect.
Keywords
Authentication framework; Integrated user authentication; Financial sector; SSO; OAuth2.0
Times Cited By KSCI: 3