• Journal of Convergence Society for SMB
• /
• v.4 no.3
• /
• pp.27-31
• /
• 2014

According to increasing of payment and settlements like smart banking, internet shopping and contactless transaction in smart device, the security issues are on the rise, such as the vulnerability of the mobile OS and certificates abuse problem, we need a secure user authentication. We apply the OTP using biometrics and PKI as user authentication way for dealing with this situation. Biometrics is less risk of loss and steal than other authentication that, in addition, the security can be enhanced more when using the biometric with OTP. In this paper, we propose a user authentication using biometrics and OTP in the mobile device.

• The KIPS Transactions:PartC
• /
• v.17C no.4
• /
• pp.361-370
• /
• 2010

OTP(One Time Password) is a user authentication using secure mechanism to authenticate each other in a way to generate a password, an attacker could intercept the password to masquerade as legitimate users is a way to prevent attacks. The OTP can be implemented as H/W or S/W. Token and card type OTP, implemented as H/W, is difficult to popularize because of having problem with deployment and usability. As a way to replace it implemented as S/W on Mobile or PC is introduced. However, S/W products can be target of malicious attacks if S/W products have vulnerability of implementation. In fact, FSA said the OTP implemented on a mobile have vulnerability of implementation. However, the OTP implemented on a PC have no case about analysis of vulnerability. So, in this paper derive security review and vulnerabilities analysis of implemented on a PC.

• Convergence Security Journal
• /
• v.11 no.3
• /
• pp.75-84
• /
• 2011

With the rapid development of mobile technology the use of smartphone is spreading. In order to activate mobile banking and market in the future, the most important key is a secure financial transactoin. However, because many apps are developed without security check in proportional to the spread of smartphone, security threat is inevitably high. Current smartphone banking is processed as the way of the existing public certificate or OTP technique in the mobile environment, but many security hole about current technology is pointed out steadily. Therefore, in this paper we are to improve a existing security hole by reinforcing the security through multi-factor authentication and providing a physical non-repudiation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.15-26
• /
• 2011

The development of IT technology and information communication networks activated to online financial transactions; the users were able to get a variety of financial services. However, unlike the positive effect that occurred on 7 July 2009 DDoS(Distribute Denial of Service) attacks, such as damaging to the user, which was caused negative effects. Authentication technology(OTP) is used to online financial transaction, which should be reviewed to safety with various points because the unpredictable attacks can bypass the authentication procedure such as phishing sites, which is occurred. Thus, this paper proposes mobile OTP(One Time Password) Mechanism, which is based on PKI to improve the safety of OTP authentication. The proposed Mechanism is operated based on PKI; the secret is transmitted safely through signatures and public key encryption of the user and the authentication server. The users do not input in the web site, but the generated OTP is directly transmitted to the authentication server. Therefore, it is improvement of the availability of the user and the resolved problem is exposed from the citibank phishing site(USA) in 2006.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.12
• /
• pp.163-173
• /
• 2010

PKI(Public Key Infrastructure)-based information certification technology has some limitations to be universally applied to mobile banking services, using smart phones, since PKI is dependent on the specific kind of web browser, Internet Explorer. OTP(One Time Password) is considered to be a substitute or complementary service of PKI, but it still shows low acceptance rate. Therefore, in this research, we analyze why OTP has not been very popular, and provide useful implications of making OTP more extensively and frequently used in the mobile environment. Perceived security of OTP was set as a higher-order construct of integrity, confidentiality, authentication, and non-repudiation. Research findings show that security awareness and perceived security of OTP is positively associated, and the relationship between perceived security and trust on OTP is statistically significant. Also, trust is positively related to intention to use OTP continuously.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.1020-1023
• /
• 2011

최근 스마트 모바일이 성장하면서 다양한 서비스들이 이루어지고 있다. 그 중에 모바일 오피스를 사용할 때 내부 망을 방문해야 한다. 그에 대한 보안 문제는 매우 중요하다. 본 논문은 모바일 기기가 내부 망에 방문할 때 사용자를 인증하기 위하여 통신의 보안 터널과 VPN(Virtual Private Network)기술을 사용하고, 모바일 기기가 내부 망에 방문할 때 OTP(One-Time Password)와 같은 동적인 패스워드 인증을 통해서 안전한 터널과 인증 서비스를 제공한다.

• Journal of Advanced Navigation Technology
• /
• v.16 no.2
• /
• pp.375-385
• /
• 2012

The fingerprint is the identity authentication method which is representative uses biometrics. Compared with password methods there is a feature where the dangerousness of embezzling or lossing is few. With like these features using the fingerprint in OTP creations. In this paper, we introduce the developed prototype of OTP system using fingerprint. And the overcome method of OTP system's demerit using fingerprint which extracts few minutiae points into a whole fingerprint image is proposed. A few minutiae points wasn't generated many encryption key for OTP session. The proposed method is overlaid the same fingerprint simply and added many minutiae points as biased overlaid fingerprints. Hence the security of OTP using fingerprint and the randomness over password-guessing are strengthened.

• Journal of Advanced Navigation Technology
• /
• v.14 no.4
• /
• pp.512-520
• /
• 2010

As the applications based on Mobile and Ubiquitous becoming more extensive, the communication security issues of those applications are appearing to be the most important concern. Therefore, every part of the system should be thoroughly designed and mutually coordinated in order to support overall security of the system. In this paper. we propose new technique which uses the voice features in order to generate Mobile One Time Passwords(OTPs). Voice is considered to be one of the powerful personal authentication factors of biometrics and it can be used for generating variable passwords for one time use. Also we performed a simulation of homomorphic variability of voice feature points using dendrogram and distribution of voice feature points for proposed password generation method.

• Journal of Digital Convergence
• /
• v.10 no.3
• /
• pp.127-135
• /
• 2012

This study improves the existing user identification method using user ID and password. The new protocol protecting unauthorized access is designed and developed using user's ID, password, and OTP for user certification as well as MAC address for computer identification on networks. The safety on trials of unauthorized certification is tested and analyzed for four types following the criterion of information acquisition.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.227-228
• /
• 2010

Generated One-Time Password (OTP) is used only once. This attributes is to safety than to repeated use the same password. Recently, Park's proposed on "Design of A One-time Password Generator on A Mobile Phone Providing An Additional Authentication for A Particular Transaction" use challenge-response based one-time password generator. However, Challenge exchange problem and currently OTP the same security level. In this paper, Park's proposed OTP generator design for us analysis. And then presents a resolution to the problem and new system logic. New system strong to Man-In-Middle attack and replay attack. In addition, OTP security level is higher.