http://dx.doi.org/10.22156/CS4SMB.2020.10.11.040

A Study on Open API Security Protocol based on Multi-Channel  

Kim, Sang-Geun (Department of Computer Engineering, SungKyul University)
Publication Information
Journal of Convergence for Information Technology / v.10, no.11, 2020, pp. 40-46
Abstract
Secure technology is required for the startup ecosystem as a joint open platform is built and put into service in the financial sector. The financial industry standard open API recommends that payment-related fintech companies develop and apply additional security technologies to protect core API authentication keys in the mutual authentication process. This study proposes an enhanced API security protocol using multiple channels. It was designed with compatibility across heterogeneous platforms in mind, after further analyzing the problems and weaknesses of existing open API related research. I applied the method of concealment to remove the additional security channels into a single channel of the existing security protocols. The performance analysis confirmed the two-way safety of the multi-channel communication session and the security of the enhanced authentication key against man-in-the-middle attacks, and confirmed the computational performance, with a delay time of less than 1 second in multi-session operation.
Keywords
Open API; Open Banking; Open Platform; Open Authorization; Financial Security;
Citations & Related Records
Times Cited By KSCI: 12