• Journal of the Korea Society of Computer and Information
• /
• v.18 no.4
• /
• pp.153-160
• /
• 2013

Online game provides a kind of cyber money aden and game instruments, items in order to attract game users. Game users want stronger, better and higher-leveled items with competition. Demands and supplies on items are formed and the transactions are made. The problem is there happen frequently illegal behaviors in the process of transactions. Among these illegal behaviors, for using other's id and password without authorization and stealing items, rejecting to return assigned items, providing stolen item to other who knows the fact or destroying others' items, it is difficult to apply provisions on properties in the criminal code on them. Because the criminal code has a duty to prevent separation between substantial criminal behavior and regulations, it should reflect substantial cultures and values of the times. Therefore, property like items in cyber space can be considered as new property to need to be protect under the criminal code and it may be not an interpretation of expansion. The reason is it is practical and reasonable to judge whether propertiness can be established considering cyber space's unique characteristics. It is time to review propertiness of Article No. 346 according to the request of times of the digital age.

• Journal of Venture Innovation
• /
• v.2 no.2
• /
• pp.21-29
• /
• 2019

In the public certificate technology commonly used in Korea, users have a cumbersome problem of always resetting when they forget their password. In this paper, as a solution to this problem, we propose a secure authentication certificate password recovery protocol using blockchain, PKI, and DID for distributed storage. DID is a schema for protecting block ID in blockchain system. The private key used in the PKI is configured as a user's biometric, for example, a fingerprint, so that it can completely replace the memory of the complex private key. To this end, based on the FIDO authentication technology that most users currently use on their smartphones, the process of authenticating a user to access data inside the block minimizes the risk of an attacker taking over the data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.177-185
• /
• 2016

As the fintech industry is growing at an incredible rate, mobile phones are positioned as the most important tool for financial transaction. However, with a rising number of malware applications, the types of attack and illegal access to mobile device are becoming more diverse and sophisticated. This paper studies the potential keylogger attack by exploiting the Accessibility Service in Android framework. This type of attack allows the malicious individual to use keylogger on the victim's Android mobile phone to steal passwords during mobile financial transaction regardless of security keypad setting. Lastly the paper proposes solutions to counter these types of attack by verifying the accessibility usage and amending the application guideline for accessibility.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.369-383
• /
• 2018

User authentication using PIN input or lock pattern is widely used as a user authentication method of smartphones. However, it is vulnerable to shoulder surfing attacks and because of low complexity of PIN and lock pattern, it has low security. To complement these problems, keystroke dynamics have been used as an authentication method for complex authentication and researches on this have been in progress. However, many studies have used imposter data in classifier training and validation. When keystroke dynamics authentications are actually applied in reality, it is realistic to use only legitimate user data for training, and using other people's data as imposter training data may result in problems such as leakage of authentication data and invasion of privacy. In response, in this paper, we experiment and obtain the optimal ratio of the thresholds for distance based classification. By suggesting the optimal ratio, we try to contribute to the real applications of keystroke authentications.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.3 no.2
• /
• pp.433-445
• /
• 1999

Today's Web tends to change from simple guideline to more complex information Provider based on large amount of data, enabling a better understanding of the objects. It provides various information retrieval techniques. Therefore, these data have to be stored and maintained in a database system for efficiency and consistency. But database system absolutely requires systematic and consistent management techniques. As a consequence, a high trained and well-educated person should do it. In this paper, we design and implement a tool for easy and reliable database table creation and management on the web. If users log in this system, they can get a list of tables created by themselves and will find a hyper link per each table. Futhermore, they can view and manage it's contents.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.7
• /
• pp.1393-1400
• /
• 2017

As the number of smartphone users increases, vulnerability to privacy protection is increasing. This is because personal information is stored on various servers connected to the Internet and the user is authenticated using the same ID and password. Authentication methods such as OTP, FIDO, and PIN codes have been introduced to solve traditional authentication methods, but their use is limited for authentication that requires sharing with other users. In this paper, we propose the authentication method that is needed for the management of shared information such as hospitals and corporations. The proposed algorithm is an algorithm that can authenticate users in the same place in real time using smart phone IMEI, QR code, BLE, push message. We propose an authentication algorithm that can perform user authentication through mutual cooperation using a smart phone and can cancel realtime authentication. And we designed and implemented a mutual authentication system using proposed algorithm.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.5 no.7
• /
• pp.1204-1209
• /
• 2001

According to the rapid development of information and communication, various services are offered using information and communication infrastructure for example e-commerce, internet banking, stock dealings, etc. This time, the most important problem is personal identification. But now secret number that is used to personal identification mostly can be misappropriated. To solve this problem, this paper proposes smart card identification system using 1 vs. 1 fingerprint matching. Information protection and security of smart card excel and use is convenient. And fingerprint becomes the focus of public attention in biometric field. Implemented system in this paper is based on PC. This system stores minutia that is fingerprint information into smart card and compare it with personal minutia. Therefore this system is sure to be on personal identification. If this system is applied to various services, safety degree of services will be enhanced.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.4B
• /
• pp.435-441
• /
• 2009

The one-time password system solves the problem concerning password reuse caused by the repeated utilization of an identical password. The password reuse problem occurs due to the cyclic repetition at the time of password creation, and authentication failure can occur due to time deviation or non-synchronization of the number of authentication. In this study, the password is created asynchronously and exchanged with the user, who then signs using a digital signature in exchange for the password and a valid verification is requested along with the certificate to ensure non-repudiation. Besides this, a verification system for one-time password is proposed and designed to improve security by utilizing the validity verification that is divided into certificate verification and password verification. Comparative analysis shows that the mechanism proposed in this study is better than the existing methods in terms of replay attack, non-repudiation and synchronization failure.

• Journal of the Korea Convergence Society
• /
• v.10 no.12
• /
• pp.63-69
• /
• 2019

Using a smartphone allows quick and easy authentication and payment. However, smartphone security threats are evolving into a variety of new hacking technologies, and are changing to attacks specific to the mobile environment. Therefore, there is a demand for an authentication method suitable for a mobile environment. In order to solve security weaknesses in knowledge-based authentication, many companies provide two-step authentication services such as OTP(One Time Password) to provide authentication services such as finance, games, and login. Although OTP service is easy to use, it is easy to duplicate random number table and has a disadvantage that can be reused because it is used as valid value within time limit. In this paper, we propose a mechanism that enables users to quickly and easily authenticate with high security using the authentication method that recognizes special characters through smartphone's dedicated application.

• Journal of IKEEE
• /
• v.17 no.4
• /
• pp.499-504
• /
• 2013

Automation is being progressed rapidly in various fields with the advancement of IT technology. Home automation is a typical application and is being used in a variety of ways now. Most of digital door lock systems simply support to open and close a door using the methods of password and a particular magnetic key. In this paper, we propose a intelligent digital door lock system using face recognition technology. Our proposed system can control the locking device opening and closing from a remote location after confirming the identification of the visitor via a smart device, and support the reliable and secure control of door systems.