• Title/Summary/Keyword: payment authentication (결제 인증)

Secure Certificates Duplication Method Among Multiple Devices Based on BLE and TCP (BLE 및 TCP 기반 다중 디바이스 간 안전한 인증서 복사 방법)

  • Jo, Sung-Hwan;Han, Gi-Tae
    • KIPS Transactions on Computer and Communication Systems / v.7 no.2 / pp.49-58 / 2018
  • A certificate is a means to certify users by conducting the identification of the users, the prevention of forgery and alteration, and non-repudiation. Most people use an accredited certificate when they perform a task using online banking, and it is often used for the purpose of proving one's identity in issuing various certificates and making electronic payments in addition to online banking. At this time, the issued certificate exists in a file form on the disk, and it is possible to use the certificate issued in an existing device in a new device only if one copies it from the existing device. However, most certificate duplication methods are a method of duplication, entering an 8-16 digit verification code. This is inconvenient because one should enter the verification code and has a weakness that it is vulnerable to security issues. To solve this weakness, this study proposes a method for enhancing security certificate duplication in a multi-channel using TCP and BLE. The proposed method: 1) shares data can be mutually authenticated, using BLE Advertising data; and 2) encrypts the certificate with a symmetric key algorithm and delivers it after the certification of the device through an ECC-based electronic signature algorithm. As a result of the implementation of the proposed method in a mobile environment, it could defend against sniffing attacks, the area of security vulnerabilities in the existing methods and it was proven that it could increase security strength about $10^{41}$ times in an attempt of decoding through the method of substitution of brute force attack existing method.

Fintech Trends and Mobile Payment Service Analysis in Korea: Application of Text Mining Techniques (국내 핀테크 동향 및 모바일 결제 서비스 분석: 텍스트 마이닝 기법 활용)

  • An, JungKook;Lee, So-Hyun;An, Eun-Hee;Kim, Hee-Woong
    • Informatization Policy / v.23 no.3 / pp.26-42 / 2016
  • Recently, with the rapid growth of the O2O market, Fintech combining the finance and ICT technology is drawing attention as innovation to lead "O2O of finance", along with Fintech-based payment, authentication, security technology and related services. For new technology industries such as Fintech, technical sources, related systems and regulations are important but previous studies on Fintech lack in-depth research about systems and technological trends of the domestic Fintech industry. Therefore, this study aims to analyze domestic Fintech trends and find the insights for the direction of technology and systems of the future domestic Fintech industry by comparing Kakao Pay and Samsung Pay, the two domestic representative mobile payment services. By conducting a complete enumeration survey about the tweets mentioning Fintech until June 2016, this study visualized topics extraction, sensitivity analysis and keyword analyses. According to the analysis results, it was found that various topics have been created in the technologies and systems between 2014 and 2016 and different keywords and reactions were extracted between topics of Samsung Pay based on "devices" such as Galaxy and Kakao Pay based on "service" such as KakaoTalk. This study contributes to analyzing the unstructured data of social media by period by using social media mining and quantifying the expectations and reactions of consumers to services through the sentiment analysis. It is expected to be the foundation of Fintech industry development by presenting a strategic direction to Fintech related practitioners.

Virtual Keypads based on Tetris with Resistance for Attack using Location Information (위치정보로 비밀정보를 유추할 수 있는 공격에 내성이 있는 테트리스 형태 기반의 보안 키패드)

  • Mun, Hyung-Jin
    • Journal of the Korea Convergence Society / v.8 no.6 / pp.37-44 / 2017
  • Mobile devices provide various services through payment and authentication by inputting important information such as passwords on the screen with the virtual keypads. In order to infer the password inputted by the user, the attacker captures the user's touch location information. The attacker is able to infer the password by using the location information or to obtain password information by peeping with Google Glass or Shoulder Surfing Attack. As existing secure keypads place the same letters in a set order except for few keys, considering handy input, they are vulnerable to attacks from Google Glass and Shoulder Surfing Attack. Secure keypads are able to improve security by rearranging various shapes and locations. In this paper, we propose secure keypads that generates 13 different shapes and sizes of Tetris and arranges keypads to be attached one another. Since the keypad arranges different shapes and sizes like the game, Tetris, for the virtual keypad to be different, it is difficult to infer the inputted password because of changes in size even though the attacker knows the touch location information.

A Countermeasures on Credit Card Crime Using Personal Credit Information (개인신용정보이용 신용카드범죄에 대한 대처방안)

  • Kim, Jong-Soo
    • Korean Security Journal / no.9 / pp.27-68 / 2005
  • Recently, because credit card crime using personal credit information is increasing, professionalizing, and spreading in area, the loss occurring from credit card crime is enormous and it is difficult to arrest and punish the criminals. In the past, crime from forging and counterfeiting credit cards was originated by a minority of criminals, but at present, the types and appearance of credit card crime are very different from past crime. The number of people using credit cards in the middle of the 1990s was increasing and the barometer of living conditions was evaluated by the number of credit cards held; therefore this bad phenomenon occurring from credit card crime was affected by abnormal consumption patterns. There is no need to emphasize the importance of the personal credit card in this credit society, because credit card crime using personal credit card information has a bad effect and brings economic loss and harm to individuals, credit card companies, and members joining credit cards. Credit card crime using personal credit card information means conduct using another person's credit card information (card number, expiring duration, secret number) that was detected by unlawful means. And crime using dishonest means from another person's credit information is called a crime profiting money-making and a crime lending an illegal advance by making false documents. The findings on countermeasures of this study are as follows: Firstly, diverting user's mind, improving the art of printing, and legitimating password from payment gateway was suggested. Secondly, complementing input of password, disseminating the system of key-board protection, and promoting legitimations of immediate notification duty was suggested. Thirdly, certificating the electronic certificates as personal certificates, assuring the recognition by sense organ of organism, lessening the ratio of crime occurrence, and restricting the ratio of the credit card crime was suggested.

Key-pair(Public key, Private key) conflict analysis using OpenSSL (OpenSSL을 이용한 키쌍(공개키·개인키) 충돌율 분석)

  • Lee, Kwang-Hyoung;Park, Jeong-Hyo;Jun, Moon-Seog
    • Journal of the Korea Academia-Industrial cooperation Society / v.15 no.8 / pp.5294-5302 / 2014
  • The development of public-key-based techniques that enable a variety of services (e-government, e-banking, e-payment, etc.) is evaluated as having complete safety. On the other hand, vulnerabilities (e.g., the Heartbleed bug, etc.) are constantly being discovered. In this paper, to verify the safety and reliability of public key infrastructure, the collision rate of key pairs generated using OpenSSL was analyzed. The experiment was performed using the following procedure. OpenSSL was used to create five private certification agencies, and each private certificate authority created 2 million certificates, generating a total of 10 million certificates for the key pair conflict analysis. The results revealed 35,000 in 1 million, a 0.35% chance that a public key, private key conflict occurred. This is sufficient in various fields (e-payment, security server, etc.). A future public-key-based technique to remove the threat of a random number generator, large minority issues, in-depth study of selection will be needed.

A Study On Usage Of the dimension barcode and the RFID based on Ubiquitous (유비쿼터스 환경에서 2차원 바코드 및 RFID 응용에 관한 연구)

  • 김병찬;정성훈;임재홍
    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2004.04a / pp.49-54 / 2004
  • Ubiquitous computing supports the use of various information through any machine that can connect to a computer anywhere and at any time. Recently, barcode and RFID, which are improved business models to store large-scale information and certify security in on- and off-line internet technology, are applied to credit card and payment services and so on. However, this technology has a serious problem that RFID In this paper, we investigate methods and usage examples of 2D barcode and RFID, and compare and analyze the characteristics of recent technology to solve the former problem in the Ubiquitous environment.

An Effective Protection Mechanism for SSL Man-in-the-Middle Proxy Attacks (SSL MITM 프록시 공격에 대한 효과적 방어방법)

  • Lim, Cha-Sung;Lee, Woo-Key;Jo, Tae-Chang
    • Journal of KIISE:Computing Practices and Letters / v.16 no.6 / pp.693-697 / 2010
  • In current e-commerce system, it happens that client's confidential information such as credit card numbers, pin numbers, or digital certificate may pass through a web proxy server or an altered proxy server without client's awareness. Even though the confidential information is encrypted and sent through SSL(Secure Sockets Layer) or TLS(Transport Layer Security) protocol, it can be exposed to the risk of sniffing by the digital certificate forgery at the proxy server, which is called the SSL MITM(Man-In-The-Middle) Proxy attack. In this paper, current credit card web-payment systems, which is weak at proxy information alternation attack, are analyzed. A resolution with certificate proxy server is also proposed to prevent the MITM attack.

Secure Biometric Data Utilization and Protection (바이오인식 정보의 안전한 활용 및 보호방안)

  • Song, Chang-kyu;Kim, Young-jin;Chun, Myung-geun
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.4 / pp.841-852 / 2021
  • Biometric recognition refers to a technology that identifies or verifies an individual after registering each individual's physical, physiological, and behavioral characteristics with an automated device. However, the biometric data used here corresponds to personal information since it can identify an individual. Therefore, when it is compromised or misused, it negatively affects the privacy of the data subject. In this paper, we review the current status of domestic laws related to biometric information and the status of infringements related to this. And then, some biometric application models are derived and vulnerabilities and countermeasures for each model are discussed. Finally, for the developer and service provider of the biometric system, protection guidance is presented.

Design and Implementation of Secure and Efficient Movie Ticket Reservation System Using One-Time Certification (일회용 인증서를 사용한 안전하고 효율적인 영화예매 시스템의 설계 및 구현)

  • Min, Seong-Ui;Kim, Hong-Gi;Lee, Sun-Ho;Lee, Im-Yeong
    • Proceedings of the Korea Information Processing Society Conference / 2010.11a / pp.1229-1232 / 2010
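  • Accredited certificates have been used as an essential means of identity verification in domestic internet banking and e-commerce for about ten years. However, an accredited certificate can be used only on the storage medium to which it was first issued, and reissuance carries the inconvenience of having to revoke the existing certificate and then obtain a new one. In 2010, the Ministry of Public Administration and Security announced a plan to prohibit storing accredited certificates on hard disks from 2013. As a result, users can use accredited certificates after storing them on removable storage media, which has raised the importance of removable storage media, and a system has become necessary that allows certificates to be used safely even when the removable storage medium, which is exposed to the risk of loss, is not at hand. In this paper, to reduce these inconveniences, we designed and implemented a system that enables safe and efficient payment by issuing a lightweight one-time certificate based on a previously issued certificate.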

The Design and Implement of Module for XML Signature Service on Mobile Environment (모바일 환경에서 XML 전자서명 서비스를 위한 모듈 설계 및 구현)

  • Hwang, Kyung-Min;Lee, Jae-Seung;Lee, Seong-Hyun;Cho, Taea-Beom;Jung, Hoe-Kyung
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2008.05a / pp.595-598 / 2008
  • Large amounts of data have become available to transfer in the mobile environment with the development of mobile telecommunications technology. And mounting the WIPI (Wireless Internet Protocol for Interoperability) platform is becoming an obligation for developing mobile application services. Applications developed on the WIPI platform are interoperable on mobile devices mounted with the WIPI platform, so there are no demands on the mobile device. Currently, e-commerce service is active in the mobile environment. This service is offered based on XML Signature (eXtensible Markup Language), which provides integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere. In this paper, we designed and implemented an XML Signature service module that is interoperable on mobile devices mounted with the WIPI platform.
