• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1996.11a
• /
• pp.226-232
• /
• 1996

본 논문에서는 기존의 일회용 비밀번호 시스템의 사용 횟수의 제한 문제를 "서명 고리" 개념을 사용하여 해결한 횟수 제한이 없는 일회용 비밀번호 시스템을 제안한다 제안하는 방식은, 역설적인 개인식별정보 방식인, 자체인증 개인식별정보에 기반을 둔 서명방식을 사용하였으며, 홈 뱅킹에 적합한 실용적인 일회용 비밀번호 시스템이다.밀번호 시스템이다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.22 no.6
• /
• pp.17-22
• /
• 2017

In this paper, a password recognition system that can overcome a shoulder-surfing attack is developed. During the time period of password insertion, the developed system can prevent the attack and enhance the safety of the password. In order to raise the detection rate of the password image, the mopology technique is utilized. By adapting 4 times of the expansion and dilation, the niose from the binary image of the password is removed. Finally, the mobile phone application is also developed to recognize the one time password and the detection rate is measured. It is shown that the detection rate of 90% is achieved under the dark light condition.

• Environmental engineer
• /
• v.24 s.251
• /
• pp.78-81
• /
• 2007

• The Journal of the Korea Contents Association
• /
• v.14 no.12
• /
• pp.565-573
• /
• 2014

We have various e-commerce like on-line banking, stock trading, shopping using a PC or SmartPhone. In e-commerce, two parties use the certificate for identification and non-repudiation but, the attack on the certificate user steadily has been increasing since 2005. The most of hacking is stealing the public certificate and private key files. After hacking, the stolen public certificate and private key file is used on e-commerce to fraud. Generally, the private key file is encrypted and saved only with the user's password, and an encrypted private key file can be used after decrypted with user password. If a password is exposed to hackers, hacker decrypt the encrypted private key file, and uses it. For this reason, the hacker attacks user equipment in a various way like installing Trojan's horse to take over the user's certificate and private key file. In this paper, I propose the management method to secure private key of PKI using One Time Password certification technique. As a result, even if the encrypted private key file is exposed outside, the user's private key is kept safely.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.07a
• /
• pp.723-726
• /
• 2023

본 논문은 기존의 OTP(One-Time Password) 시스템의 한계와 약점을 해결하기 위하여 지문인식을 활용한 OTP 시스템에 대하여 연구를 진행하였다. OTP 시스템 자체가 높은 보안성을 가지고 있지만, 은행에서 발급하는 OTP는 생성 버튼만 누르면 비밀번호가 생성되기 때문에, 분실 및 도난 상황에서 2차 인증에 대한 보안이 허술해 질 수 밖에 없다. 본 연구에서는 지문인식 기반 OTP 시스템의 개발 방법을 마련하여 사회적으로 보안에 대한 인식을 높이고, 동시에 사용자의 편의성을 높이기 위한 방법을 제시하고자 한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.5
• /
• pp.1027-1034
• /
• 2017

Recently, OTP (One-time-Password) log-in methods have been used in many areas to prevent leakage of personal information and enhance security. The OTP method is primarily used for security of bank personal account, this is one of the sophisticated security ways in which one time password is generated and checked to enhance security. Digital door locks frequently used in everyday life require convenience and safety simultaneously. Meanwhile, related technologies for digital door locks are evolving, but methods for enhancement of security are still unsatisfactory. Generally, the digital door lock using password input type has been most commonly used and especially it provides more convenience, but it has some problems such as password exposure and password oblivion. Therefore, in this study, we propose and implement the OTP-based digital door lock system with enhanced security and convenience features but without the risk of password exposure and oblivion.

• Journal of the Korea Convergence Society
• /
• v.9 no.9
• /
• pp.15-22
• /
• 2018

As smart devices become popular, users can use authentication services in various methods. Authentication services include authentication using an ID and a password, authentication using a sms, and authentication using an OTP(One Time Password). This paper proposed an authentication system that solves the security problem of knowledge-based authentication using optical character recognition and can easily and quickly authenticate users. The proposed authentication system extracts a character from an uploaded image by a user and authenticates the user using the extracted character information. The proposed authentication system has the advantage of not using a password or an OTP that are easily exposed or lost, and can not be authenticated without using accurate photographs. The proposed authentication system is platform independent and can be used for user authentication, file encryption and decryption.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.501-507
• /
• 2015

The online banking service handles a banking business over the internet, it is necessary to ensure that all financial transactions are processed securely. So, there are various authentication technique for e-banking service : a certificate, a personal identification number(PIN), a security card and a one-time password(OTP). Especially, the security card is most important means including secret information. If the secret information of card is leaked, it means not only loss of security but also easy to attack because security card is a difficult method to get. In this paper, we propose that a multi-channel security card saves an secret information in distributed channel. Proposed multi-channel security card reduces vulnerability of the exposed and has a function to prevent phishing attacks through decreasing the amount of information displayed and generating secret number randomly.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.763-768
• /
• 2003

In this paper, we propose a S/KEY based authentication protocol using smart cards to address the vulnerebilities of both the S/KEY authentication protocol and the secure one-time password protpcol which YEH, SHEN and HWANG proposed [1]. Because out protpcel is based on public key, it can authenticate the server and distribute a session key without any pre-shared secret. Also, it can prevent off-line dictionary attacks by using the randomly generated user is stored in the users smart card. More importantly, it can truly achieve the strength of the S/KEY scheme that no secret information need be stored on the server.

• Review of KIISC
• /
• v.22 no.2
• /
• pp.30-36
• /
• 2012

OTP는 사용할 때마다 매번 새롭게 생성되는 일회용 비밀번호로, 전자적 해킹 위협의 증가로 강한 인증을 필요로 하는 산업계의 각 분야에서 활발하게 사용되고 있다. 국내에서는 OTP 기반 인증 기술이 금융, 전자정부, 게임, 포털사이트 등에 적용되었으며, 싱가포르는 국가 차원에서 OTP 발생기를 이용해 국가인증 프레임워크(NAF, National Authentication Framework)를 개발하여 서비스 준비 중에 있다. 이와 같이 OTP는 그 사용 범위가 날로 늘어나고 있으며, 이를 반영하듯 OTP 통합인증 프레임워크나 OTP기반 부인방지 기술 등의 표준화가 국내 외에서 활발하게 진행되고 있는 실정이다. 이에, 본 논문에서는 국내 외에서 제정되었거나 진행 중인 OTP 표준을 소개하고 대표적인 표준을 분석 및 정리하여 OTP 표준화 동향을 알아봄으로써 OTP 기술 및 표준의 개발에 참고가 될 수 있는 정보를 제공하고자 한다.