• Title/Summary/Keyword: 모바일 OTP

Search Result 46, Processing Time 0.032 seconds

User Authentication Using Biometrics and OTP in Mobile Device (중소기업형 바이오정보와 OTP를 이용한 사용자 인증)

  • Lee, Sang Ho
    • Journal of Convergence Society for SMB
    • /
    • v.4 no.3
    • /
    • pp.27-31
    • /
    • 2014
  • According to increasing of payment and settlements like smart banking, internet shopping and contactless transaction in smart device, the security issues are on the rise, such as the vulnerability of the mobile OS and certificates abuse problem, we need a secure user authentication. We apply the OTP using biometrics and PKI as user authentication way for dealing with this situation. Biometrics is less risk of loss and steal than other authentication that, in addition, the security can be enhanced more when using the biometric with OTP. In this paper, we propose a user authentication using biometrics and OTP in the mobile device.

  • PDF

Vulnerabilities Analysis of the OTP Implemented on a PC (PC에 탑재된 OTP의 취약점 분석)

  • Hong, Woo-Chan;Lee, Kwang-Woo;Kim, Seung-Joo;Won, Dong-Ho
    • The KIPS Transactions:PartC
    • /
    • v.17C no.4
    • /
    • pp.361-370
    • /
    • 2010
  • OTP(One Time Password) is a user authentication using secure mechanism to authenticate each other in a way to generate a password, an attacker could intercept the password to masquerade as legitimate users is a way to prevent attacks. The OTP can be implemented as H/W or S/W. Token and card type OTP, implemented as H/W, is difficult to popularize because of having problem with deployment and usability. As a way to replace it implemented as S/W on Mobile or PC is introduced. However, S/W products can be target of malicious attacks if S/W products have vulnerability of implementation. In fact, FSA said the OTP implemented on a mobile have vulnerability of implementation. However, the OTP implemented on a PC have no case about analysis of vulnerability. So, in this paper derive security review and vulnerabilities analysis of implemented on a PC.

A Study on The Improvement of User Authentication using the Facial Recognition and OTP Technique in the Mobile Environment (모바일 환경에서 OTP기술과 얼굴인식 기술을 이용한 사용자 인증 개선에 관한 연구)

  • Huh, Seung-Pyo;Lee, Dae-Sung;Kim, Kui-Nam
    • Convergence Security Journal
    • /
    • v.11 no.3
    • /
    • pp.75-84
    • /
    • 2011
  • With the rapid development of mobile technology the use of smartphone is spreading. In order to activate mobile banking and market in the future, the most important key is a secure financial transactoin. However, because many apps are developed without security check in proportional to the spread of smartphone, security threat is inevitably high. Current smartphone banking is processed as the way of the existing public certificate or OTP technique in the mobile environment, but many security hole about current technology is pointed out steadily. Therefore, in this paper we are to improve a existing security hole by reinforcing the security through multi-factor authentication and providing a physical non-repudiation.

Study on Mobile OTP(One Time Password) Mechanism based PKI for Preventing Phishing Attacks and Improving Availability (피싱 방지 및 가용성 개선을 위한 PKI기반의 모바일 OTP(One Time Password) 메커니즘에 관한 연구)

  • Kim, Tha-Hyung;Lee, Jun-Ho;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.1
    • /
    • pp.15-26
    • /
    • 2011
  • The development of IT technology and information communication networks activated to online financial transactions; the users were able to get a variety of financial services. However, unlike the positive effect that occurred on 7 July 2009 DDoS(Distribute Denial of Service) attacks, such as damaging to the user, which was caused negative effects. Authentication technology(OTP) is used to online financial transaction, which should be reviewed to safety with various points because the unpredictable attacks can bypass the authentication procedure such as phishing sites, which is occurred. Thus, this paper proposes mobile OTP(One Time Password) Mechanism, which is based on PKI to improve the safety of OTP authentication. The proposed Mechanism is operated based on PKI; the secret is transmitted safely through signatures and public key encryption of the user and the authentication server. The users do not input in the web site, but the generated OTP is directly transmitted to the authentication server. Therefore, it is improvement of the availability of the user and the resolved problem is exposed from the citibank phishing site(USA) in 2006.

Drivers for Trust and Continuous Usage Intention on OTP: Perceived Security, Security Awareness, and User Experience (OTP에 대한 신뢰 및 재사용의도의 결정요인: 인지된 보안성, 보안의식 및 사용자경험을 중심으로)

  • Yun, Hae-Jung;Jang, Jae-Bin;Lee, Choong-C.
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.12
    • /
    • pp.163-173
    • /
    • 2010
  • PKI(Public Key Infrastructure)-based information certification technology has some limitations to be universally applied to mobile banking services, using smart phones, since PKI is dependent on the specific kind of web browser, Internet Explorer. OTP(One Time Password) is considered to be a substitute or complementary service of PKI, but it still shows low acceptance rate. Therefore, in this research, we analyze why OTP has not been very popular, and provide useful implications of making OTP more extensively and frequently used in the mobile environment. Perceived security of OTP was set as a higher-order construct of integrity, confidentiality, authentication, and non-repudiation. Research findings show that security awareness and perceived security of OTP is positively associated, and the relationship between perceived security and trust on OTP is statistically significant. Also, trust is positively related to intention to use OTP continuously.

OTP in Mobile VPN using Mobile Fire Prevention Monitoring System Design (모바일 VPN의 OTP를 이용한 모바일 화재 방재 모니터링 시스템 설계)

  • Gui, Li Qi;Kim, Young-Hyuk;Lim, Il-Kwon;Kang, Seung-Gu;Lee, Jun-Woo;Kim, Myung-Jin;Lee, Jae-Kwang
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2011.04a
    • /
    • pp.1020-1023
    • /
    • 2011
  • 최근 스마트 모바일이 성장하면서 다양한 서비스들이 이루어지고 있다. 그 중에 모바일 오피스를 사용할 때 내부 망을 방문해야 한다. 그에 대한 보안 문제는 매우 중요하다. 본 논문은 모바일 기기가 내부 망에 방문할 때 사용자를 인증하기 위하여 통신의 보안 터널과 VPN(Virtual Private Network)기술을 사용하고, 모바일 기기가 내부 망에 방문할 때 OTP(One-Time Password)와 같은 동적인 패스워드 인증을 통해서 안전한 터널과 인증 서비스를 제공한다.

Fingerprint overlay technique of mobile OTP to extent seed of password (모바일 OTP의 패스워드 Seed 확장을 위한 지문 중첩 기법)

  • Kim, Nam-Ho;Hwang, Bu-Hyun
    • Journal of Advanced Navigation Technology
    • /
    • v.16 no.2
    • /
    • pp.375-385
    • /
    • 2012
  • The fingerprint is the identity authentication method which is representative uses biometrics. Compared with password methods there is a feature where the dangerousness of embezzling or lossing is few. With like these features using the fingerprint in OTP creations. In this paper, we introduce the developed prototype of OTP system using fingerprint. And the overcome method of OTP system's demerit using fingerprint which extracts few minutiae points into a whole fingerprint image is proposed. A few minutiae points wasn't generated many encryption key for OTP session. The proposed method is overlaid the same fingerprint simply and added many minutiae points as biased overlaid fingerprints. Hence the security of OTP using fingerprint and the randomness over password-guessing are strengthened.

Design of OTP based on Mobile Device using Voice Characteristic Parameter (음성 특징 파라메터를 이용한 모바일 기반의 OTP 설계)

  • Cha, Byung-Rae;Kim, Nam-Ho;Kim, Jong-Won
    • Journal of Advanced Navigation Technology
    • /
    • v.14 no.4
    • /
    • pp.512-520
    • /
    • 2010
  • As the applications based on Mobile and Ubiquitous becoming more extensive, the communication security issues of those applications are appearing to be the most important concern. Therefore, every part of the system should be thoroughly designed and mutually coordinated in order to support overall security of the system. In this paper. we propose new technique which uses the voice features in order to generate Mobile One Time Passwords(OTPs). Voice is considered to be one of the powerful personal authentication factors of biometrics and it can be used for generating variable passwords for one time use. Also we performed a simulation of homomorphic variability of voice feature points using dendrogram and distribution of voice feature points for proposed password generation method.

A System Unauthorized Access using MAC Address and OTP (MAC Address와 OTP를 이용한 비인가 접근 거부 시스템)

  • Shin, Seung-Soo;Jeong, Yoon-Su
    • Journal of Digital Convergence
    • /
    • v.10 no.3
    • /
    • pp.127-135
    • /
    • 2012
  • This study improves the existing user identification method using user ID and password. The new protocol protecting unauthorized access is designed and developed using user's ID, password, and OTP for user certification as well as MAC address for computer identification on networks. The safety on trials of unauthorized certification is tested and analyzed for four types following the criterion of information acquisition.

On a Enhanced Mobile OTP generator design using Transaction (이체정보를 활용한 강화된 모바일 OTP 생성기 설계)

  • Park, Beum-Su;Cho, Sang-Il;Kim, Tae-Yong;Lee, Hoon-Jae
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2010.10a
    • /
    • pp.227-228
    • /
    • 2010
  • Generated One-Time Password (OTP) is used only once. This attributes is to safety than to repeated use the same password. Recently, Park's proposed on "Design of A One-time Password Generator on A Mobile Phone Providing An Additional Authentication for A Particular Transaction" use challenge-response based one-time password generator. However, Challenge exchange problem and currently OTP the same security level. In this paper, Park's proposed OTP generator design for us analysis. And then presents a resolution to the problem and new system logic. New system strong to Man-In-Middle attack and replay attack. In addition, OTP security level is higher.

  • PDF