http://dx.doi.org/10.13089/JKIISC.2018.28.3.579

A Study on Authentication Process in Smartphone Electronic Financial Services  

Kim, Hanwoo (Graduate School of Information Security, Korea University)
Lee, Keun Young (Graduate School of Information Security, Korea University)
Lim, Jong In (Graduate School of Information Security, Korea University)
Kwon, Hun Yeong (Graduate School of Information Security, Korea University)
Abstract
In May 2014, AppCard (a smartphone application designed by credit card companies to register and use a credit card on a mobile phone) was attacked through smishing and a vulnerability arising from the inability to obtain the phone number. Since then, credit card companies have introduced and operated additional authentication methods to address the vulnerability. However, the analysis of the authentication environments, purposes, and methods has not been sufficient to lower the level of vulnerability and risk from previous incidents. This study analyzes the authentication process of the AppCard in electronic financial services by applying NIST's authentication guidelines, identifies the problems, and suggests directions for improvement. The analysis method used in this study can also be applied to authentication methods other than the AppCard, so it is expected to be highly useful.
Keywords
authentication; appcard; identity proofing; electronic financial services;