• Information and Communications Magazine
• /
• v.17 no.3
• /
• pp.74-83
• /
• 2000

최근 전자 상거래와 인터넷, 통신 기술의 급속한 발전으로 개인의 신분 인증 및 보안에 대한 필요성이 증가하고 있으며, IC카드는 이에 대한 훌륭한 수단으로 사용될 수 있다. IC카드는 정보를 저장 및 처리할 수 있고, 저장된 정보에 대한 보안성이 뛰어나고, 다양한 응용에 사용될 수 있다는 장점이 있다. 이러한 이유로 최근 전자 화폐, GSM 단말기, POS 단말기, 교통, 직불 카드 등의 다양한 분야에서 IC카드를 활용하고 있으며, 향후 IC카드의 활용 범위는 급속히 성장할 것으로 보인다. 본 논문에서는 IC 카드 기술과 차세대 IC카드 기술에 대하여 설명한다.

• Journal of Korea Multimedia Society
• /
• v.17 no.1
• /
• pp.52-59
• /
• 2014

These days, smart card management system(SCMS) have been broadly used for security conformability, efficiency of issuance management, key management and expert management in the smart card market. SCMS is composed of card management, issuance management, key management, application management, and issuers management systems. SCMS enables card issuers from banks, credit card companies, and telecommunications companies to provide these cards to card users. And then SCMS enables card users to download new programs to chips for use of these cards successively and provide related smart card data in safety and efficiency. In this paper, we propose a framework for security assessment and an efficient method for security improvement through fault analysis which is more effective.

• The Journal of the Korea Contents Association
• /
• v.9 no.3
• /
• pp.28-38
• /
• 2009

Login process uses both ID and password information to authenticate someone and to permit its access privilege on system. However, an attacker can get those ID and password information by using existing packet sniffing or key logger programs. It cause privacy problem as those information can be used as a hacking and network attack on web server and web e-mail system. Therefore, a more secure and advanced authentication mechanism should be required to enhance the authentication process on existing system. In this paper, we propose a multi-factor authentication process by using software form of secure card system combined with existing ID/Password based login system. Proposed mechanism uses a random number generated from the his/her own handset with biometric information. Therefore, we can provide a one-time password function on web login system to authenticate the user using multi-factor form. Proposed scheme provide enhanced authentication function and security because it is a 'multi-factor authentication mechanism' combined with handset and biometric information on web login system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.501-507
• /
• 2015

The online banking service handles a banking business over the internet, it is necessary to ensure that all financial transactions are processed securely. So, there are various authentication technique for e-banking service : a certificate, a personal identification number(PIN), a security card and a one-time password(OTP). Especially, the security card is most important means including secret information. If the secret information of card is leaked, it means not only loss of security but also easy to attack because security card is a difficult method to get. In this paper, we propose that a multi-channel security card saves an secret information in distributed channel. Proposed multi-channel security card reduces vulnerability of the exposed and has a function to prevent phishing attacks through decreasing the amount of information displayed and generating secret number randomly.

• Review of KIISC
• /
• v.12 no.1
• /
• pp.55-65
• /
• 2002

본 고에서는 미국 NSA가 주도하여 수행하고있는 다중등급 정보시스템 보안사업(MISSI ; Multi-level Informa tion System Security Initiative)에 사용되고 있는 보안모듈인 FORTEZEA 카드의 보안정책에 대하여 기술한다. MISSI와 같은 통합된 전산망에서 다중 등급 정보를 처리하기 위한 보안 모듈의 접근통제와 보안정책에 대해 조사하였다.

• Convergence Security Journal
• /
• v.5 no.2
• /
• pp.57-63
• /
• 2005

According to rapid development of computer and wired-wireless internet, information exchange of networking is growing. Also according as size of industry related e-commerce is bigger, it is Required the necessity of convenient user authentication system. So, the study of new authentication method to have a security and convenience is progressing systematically. Smart card of new authentication method overcome problem of established scheme. So it prospect that will be replaced One Card to have a high security and multi-function. In this papar, we suggest about the implementation of One Card System that the security of smart card and usable in all fields.

• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10c
• /
• pp.700-702
• /
• 1998

스마트카드 운영체제는 카드와 터미널간의 인증(authentication), 메시지 처리 및 메시지 처리시 비밀성(security) 유지 등의 작업을 수행한다. 본 논문은 스마트카드에서 DES 암호 알고리즘보다 보안성이 뛰어나고, 다양한 응용을 지원하기 위해서 RSA 암호 알고리즘을 이용한 확장 가능한 운영체제를 구현한다. 스마트카드 시스템과 운영체제의 구조는 ISO/IEC 7816 규정을 따르고 있었고, 몽고메리 알고리즘을 이용한 RSA 암호 알고리즘은 스마트카드에서 인증과 스마트카드 내에서 파일의 보안성, 메시지 보안 명령어를 안전하게 수행한다. 본 논문에서 제시한 스마트카드 운영체제는 다양한 응용을 지원하기 위하여 응용 목적에 따라 운영체제와 응용 프로그램을 확장할 수 있게 설계되었다.

• Journal of Korea Multimedia Society
• /
• v.16 no.1
• /
• pp.87-99
• /
• 2013

The demands of IC card payment system has been increased according to the rapid advancement of the IT convergence application technologies. Recently IC card payment systems are in demands of the usage space at anytime and anywhere by developing the wireless communication technology and its related multimedia processing technology. Therefore the security of IC card payment system becomes more important and necessary. There are many fault analysis methods to evaluate the security and safety of information systems according to their characteristics and usages. However, the only assessment method to evaluate the security of information systems is not enough to analyse properly on account of the various types and characteristics of information systems by the progress of IT convergence and their applications. Therefore, this paper proposes an integrative method of the Fault Tree Analysis (FTA) and Fault Modes and Effect Analysis/Criticality (FMEA/C) based on criticality to evaluate and improve the security of IC card payment system as an illustration.

• Journal of KIISE:Computing Practices and Letters
• /
• v.8 no.3
• /
• pp.277-288
• /
• 2002

In this paper, we describe a design and implementation method of a smart card operating system for multi applications. A smart card is the independent computing system and is able to be used in multi applications such as the electronic commerce and the electronic cash. Smart card operation system(SCOS) provides a basis of smart card booting, and controls and manages application programs. SCOS can produce and control a file system to support multi applications in EEPROM, communicate commands and messages with outside devices, process a command, produce a reply message, and provide security functions of file security in EEPROM, and communication security. Therefor, in this paper, we design and implement SCOS system that provides the authentication between a card and a terminal, the session authentication for multi applications, the processing of commands, and the maintenance of the security.

• Proceedings of the KAIS Fall Conference
• /
• 2001.11a
• /
• pp.230-235
• /
• 2001

SET(Secure Electronic Transaction)은 인터네트와 같은 open network에서 안전하게 상거래를 할 수 있도록 보장해주는 지불 프로토롤이다. SET은 보안상의 허점을 보완하고자 신용카드 회사인 비자, 마스터카드와 IBM, 넷스케이프, 마이크로소프트 그리고 VeriSign의 기술적인 도움으로 개발되었다. SET은 RSA 데이터 보안회사의 암호화 기술에 기초를 두고 있으며, 기술사양 자체가 공개이므로 누구나 자유롭게 SET 프로토롤을 사용하는 소프트웨어를 개발 할 수 있다. SET은 우리가 일상생활에서 이용하는 신용카드 거래체계를 인터네트를 통한 전자상거래에서도 유사하게 이용할 수 있도록 하였다.