• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.9
• /
• pp.1845-1850
• /
• 2009

Generally, small and medium scale enterprises have conventionally been performing diligence and indolence management by hand, but many of them have been recently costing a lot of money for their diligence and indolence management and security maintenance. But yet, they have annoying sides due to the initial stage cost for the introduction of the system which is consisted of a terminal for reading a card, an RFID card, an administrative sewer and an application program for the diligence and indolence management as well as the insufficiency of the fixing skill being able to cope with the problems originating from hardware and software troubles. For this reasons, we developed a new diligence and indolence management system that the initial stage cost is moderate because it is needless to purchase a new server and to issue a new card, and the operation and management of the system is convenient because an RFID card reader communicates with a central administrative server in IDC(Internet Data Center) over internet for the diligence and indolence management.

• Journal of Digital Convergence
• /
• v.13 no.9
• /
• pp.89-98
• /
• 2015

To celebrate the convergence era, Park Geun-Hye government has adhered to the principle sets out to secure revenue no tax increase due to the underground economy legalization, etc. Recently due to the tax deduction policies such as cash receipts and credit card is like getting better transparency on income. However, focusing on the self-employed Evaded income scale is increasing steadily. For the underground economy legalization, it has the plan to increase the transparency of the capital market due to the strengthening of the cash receipt system and the mobile payment market. The purpose of this study is that it hopes the domestic mobile payment market is expanding for the underground economy legalization. To this end, domestic financial companies are hoping to develop a variety of additional services. And the mobile payments market is hoping to gain the trust our customers due to safety and security, etc. As a result the underground economy is expected to disappear naturally.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39A no.12
• /
• pp.708-717
• /
• 2014

In this paper, we present a secret key distribution protocol without resorting to a key management infrastructure targeting at providing a low-complexity distributed solution to wireless network. The proposed scheme extracts a secret key from the random fluctuation of wireless channels. By exploiting time division duplexing transmission, two legitimate users, Alice and Bob can have highly correlated channel gains due to channel reciprocity, and a pair of random bit sequences can be generated by quantizing the channel gains. We propose a novel adaptive quantization scheme that adjusts quantization thresholds according to channel variations and reduces the mismatch probability between generated bit sequences by Alice and Bob. BCH codes, as a low-complexity and pratical approach, are also employed to correct the mismatches between the pair of bit sequences and produce a secret key shared by Alice and Bob. To maximize the secret key extraction rate, the parameters, quantization levels and code rates of BCH codes are jointly optimized.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.5
• /
• pp.113-124
• /
• 2010

In this study, the hybrid authorization quotation technique is based on the device ID for the integrity of the source region guarantee of user certificate, in order to improve the convenience and security for user in the hybrid PKI certificate Mechanism for authentication. The feature of the model in which it is presented from this paper is 5. First, because the user can select the policy himself in which it matches with each authentication situation and security level, the convenience can be improved. Second, the integrity of the source region of the user certificate can be guaranteed through the comparison of the DLDI Key, that is the hash-value of the device ID. Third, the security can be improved by continuously changing an encoding, and the value of the key in which it decodes through the EOTP Key. Fourth, the index value is added to a certificate, and the storage of a certificate is possible at the Multi-Device. Fifth, since the addi the inan aratus for the integrity of the source region guarantee of a certificate is not needed, the authentication process time can be reduced and the computational load of the certificate server can be reduced also.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.563-572
• /
• 2016

Recently, a plenty of credit card payment protocols have been proposed in Korea. Several features of proposed protocols include: using passwords for user authentication in stead of official certificate for authenticity, and no need to download additional security module via ActiveX into user's devices. In this paper, we suggest two new credit card payment protocols that use both SSL(Security Socket Layer) as a standardized secure transaction protocol and password authentication to perform online shopping and payment. The first one is for the case where online shopping mall is different from PG(Payment Gateway) and can be compared to PayPal-based payment methods, and the second one is for the case where online shopping mall is the same as PG and thus can be compared to Amazon-like methods. Two proposed protocols do not require users to perform any pre-registration process which is separate from an underlying shopping process, instead users can perform both shopping and payment into a single process in a convenient way. Also, users are asked to input a distinct payment password, which increases the level of security in the payment protocols. We believe that two proposed protocols can help readers to better understand the recent payment protocols that are suggested by various vendors, and to analyze the security of their payment protocols.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.343-361
• /
• 2015

The financial industry in South Korea has witnessed a paradigm shift from selling traditional loan/deposit products to diversified consumption channels and financial products. Consequently, personification of financial services has accelerated and the value of finance-related personal information has risen rapidly. As seen in the 2014 card company information leakage incident, most of major finance-related information leakage incidents are caused by personnel with authorized access to certain data. Therefore, it is strongly required to confirm whether there are problems in the existing access control policy for personnel who can access a great deal of data, and to complement access control policy by considering risk factors of information security. In this paper, based on information of IT personnel with access to sensitive finance-related data such as job, position, sensitivity of accessible data and on a survey result, we will analyze influence factors for personnel risk measurement and apply data access control policy reflecting the analysis result to an actual case so as to introduce measures to minimize IT personnel risk in financial companies.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.1
• /
• pp.147-153
• /
• 2014

The numerous improved schemes of remote user authentication based on password have been proposed in order to overcome the security weakness in user authentication process. Recently, some of biometric-based user authentication schemes to use personal biometric information have been introduced and they have shown the relatively higher security and the enhanced convenience as compared to traditional password-based schemes. These days wireless sensor network is a fundamental technology in face of the ubiquitous era. The wireless sensor networks to collect and process the data from sensor nodes in increasing high-tech applications require important security issues to prevent the data access from the unauthorized person. Accordingly, the research to apply to the user authentication to the wireless sensor networks has been under the progress. In 2010, Yuan et al. proposed a biometric-based user authentication scheme to be applicable for wireless sensor networks. Yuan et al. claimed that their scheme is effectively secure against the various security flaws including the stolen verifier attack. In this paper, author will prove that Yuan et al.'s scheme is still vulnerable to the password guessing attack, user impersonation attack and the replay attack, by analyzing their security weakness.

• The KIPS Transactions:PartC
• /
• v.19C no.3
• /
• pp.167-172
• /
• 2012

Mobile phone devices and memory card can be robbed and lost due to the carelessness that might be caused to leak personal information, and also company's confidential information can be disclosed. Therefore, the importance of user authentication to protect personal information is increasing exponentially. However, there are the limitations that criminals could easily obtain and abuse information about individuals, because the input method of personal identification number or the input method of password might not be safe for Shoulder Surfing Attack(SSA). Although various biometric identification methods were suggested to obstruct the SSA, it is the fact that they also have some faults due to the inconvenience to use in mobile environments. In this study, more complemented service for the user authentication was proposed by applying Keystroke method in the mobile environments to make up for the faults of existing biometric identification method. Lastly, the effectiveness and validity of this study were confirmed through experimental evaluations.

• The KIPS Transactions:PartC
• /
• v.17C no.4
• /
• pp.361-370
• /
• 2010

OTP(One Time Password) is a user authentication using secure mechanism to authenticate each other in a way to generate a password, an attacker could intercept the password to masquerade as legitimate users is a way to prevent attacks. The OTP can be implemented as H/W or S/W. Token and card type OTP, implemented as H/W, is difficult to popularize because of having problem with deployment and usability. As a way to replace it implemented as S/W on Mobile or PC is introduced. However, S/W products can be target of malicious attacks if S/W products have vulnerability of implementation. In fact, FSA said the OTP implemented on a mobile have vulnerability of implementation. However, the OTP implemented on a PC have no case about analysis of vulnerability. So, in this paper derive security review and vulnerabilities analysis of implemented on a PC.

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.1
• /
• pp.101-107
• /
• 2007

In this paper, we proposed an stable optical security system using interferometer and cascaded phase keys. For the encryption process, a BPCGH(binary phase computer generated hologram) that reconstructs the origial image is designed, using an iterative algorithm and the resulting hologram is regarded as the image to be encrypted. The BPCGH is encrypted through the exclusive-OR operation with the random generated phase key image. For the decryption process, we cascade the encrypted image and phase key image and interfere with reference wave. Then decrypted hologram image is transformed into phase information. Finally, the origianl image is recovered by an inverse Fourier transformation of the phase information. During this process, interference intensity is very sensitive to external vibrations. a stable interference pattern is obtained using self-pumped phase-conjugate minor made of the photorefractive material. In the proposed security system, without a random generated key image, the original image can not be recovered. And we recover another hologram pattern according to the key images, so can be used an authorized system.