• Journal of the Korea Society of Computer and Information
• /
• v.21 no.2
• /
• pp.61-69
• /
• 2016

In this paper, we propose the authentication server system that prevent hacking in In-app billing applications. And we also propose the methods to verify electronic receipt for the payment of internal app payments and to check the integrity of the applications. Then we designed the payment metabolic system that checks between products-offer list and paid subscription if payment system is hacked with new hacking technologies different from existing ones. And then we implemented proposed authentication system and experimented with about 10,000 average internal application payments per an hour. It shows that proposed system has defensive techniques that counter attacks against in-app billing but it takes more than 0.8916 seconds than no-certification system that is considered as relatively short time.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2015.07a
• /
• pp.67-69
• /
• 2015

본 논문은 앱 내부결제(In-App-Purchase)에 대한 해킹 방법을 방어 할 수 있는 서버 인증 시스템 구축 및 전자 영수증의 검증항목들을 제안하고 있으며 앱의 위변조 검사를 할 수 있는 앱 무결성에 관해서도 제안하고 있다. 또한 기존의 해킹 방식이 아닌 다른 해킹 방식이 나와 보안 시스템이 공격을 받았을 경우 사후 관리 시스템인 상품 지급 내역과 결제 내역을 대조 할 수 있는 대사 시스템을 제안하고 있다. 앱 개발에 있어 내부결제 기능적 구현이 아닌 해킹 피해를 피할 수 있는 방법을 제안함으로 결제보안을 높이고자 한다.

• The Journal of the Korea Contents Association
• /
• v.18 no.9
• /
• pp.141-148
• /
• 2018

Currently, the user authentication technology used by users to access multiple applications within an organization is being applied with ID/PW-based SSO technology. These user authentication methods have the fundamental disadvantages of ID/PW and SSO. This means that security vulnerabilities in ID/PW can lead to periodic changes in PWs and limits on the number of incorrect PW inputs, and SSO adds high cost of the SSO server, which centrally stores the authentication information, etc. There is also a fundamental vulnerability that allows others to freely use other people's applications when they leave the portal application screen with SSO. In this paper, we proposed an app-based 2-channel authentication scheme to fundamentally eliminate problems with existing ID/PW-based SSO user authentication technologies. To this end, it distributed centralized user authentication information that is stored on SSO server to each individual's smartphone. In addition, when users access a particular application, they are required to be authenticated through their own smartphone apps.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.1
• /
• pp.11-18
• /
• 2020

This study aims to complement the poor performance of existing context-aware authentication techniques in the mobile environment. The data used are GPS, Call Detail Record(CDR) and app usage. locational classification according to GPS density was implemented in order to distinguish other people in populated areas in the processing of GPS. It also handles missing values that may occur in data collection. The authentication model consists of two long-short term memory(LSTM) and one Artificial Neural Network(ANN) that aggregates the results, which produces authentication scores. In this paper, we compare the accuracy of this technique with that of other studies. Then compare the number of authentication attempts required to detect someone else's authentication. As a result, we achieved an average 11.6% improvement in accuracy and faster detection of approximately 60% of the experimental data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.579-590
• /
• 2018

In May 2014, AppCard(Which is a smartphone application designed to register and use a credit card in a mobile phone by credit card company.) was attacked by smshing and a vulnerability which could not obtainable phone number. After that, credit card companies have supplemented and operated by introducing additional authentication methods to supplement the vulnerability. However, The analysis of the authentication environments, purposes and methods is not enough to lower the level of vulnerability and risk from existing accidents. This study analyzes the authentication process of the AppCard in the electronic financial service by applying the NIST's authentication guidelines, identifies the problems and suggests improvement directions. The method analyzed in this study can be applied to the analysis of the authentication method in addition to the application card, so that it will be highly utilized.

• Journal of the Korean Society of Industry Convergence
• /
• v.27 no.2_2
• /
• pp.343-356
• /
• 2024

Super app is an application that provides a variety of services in a unified interface within a single platform. With the acceleration of digital transformation, super apps are becoming more prevalent. This study aims to suggest service enhancement measures by analyzing the user review data before and after the transition to a super app. To this end, user review data from a payment-based super app(Shinhan Play) were collected and studied via topic modeling. Moreover, a matrix for assessing the importance and usefulness of topics is introduced, which relies on the eigenvector centrality of the inter-topic network obtained through topic modeling and the number of review recommendations. This allowed us to identify and categorize topics with high utility and impact. Prior to the transition, the factors contributing to user satisfaction included 'payment service,' 'additional service,' and 'improvement.' Following the transition, user satisfaction was associated with 'payment service' and 'integrated UX.' Conversely, dissatisfaction factors before the transition encompassed issues related to 'signup/installation,' 'payment error/response,' 'security authentication,' and 'security error.' Following the transition, user dissatisfaction arose from concerns regarding 'update/error response' and 'UX/UI.' The research results are expected to be used as a basis for establishing strategies to strengthen service competitiveness by making super app services more user-oriented.

• Convergence Security Journal
• /
• v.15 no.7
• /
• pp.111-118
• /
• 2015

The violent crime has increased dramatically in our society. This is because our society has to change quickly. Strong police force, but this is not enough to solve the crime. And there are a lot of police to investigate the situation difficult to go out to the crime scene. So inevitably increase in the risk of crime. Researchers have conducted a number of studies to solve this problem. However, the proposed study how realistic are many points still lacking. herefore, we to take advantage of smartphones and high-speed Internet access technology to provide security services using the push service for rapid identification and crime situation in this study. Therefore, we would like to provide rapid service to identify criminal security situation using smart-phone app and push services on the high speed internet environments. The proposed system is to record the voice information received from the smart phone near the user presses the hot key is set in advance in real-time, and stores the audio information stored in the LBS information to the server through the authentication procedure. And the server uses the stored voice data and LBS Push service information to inform their families. We have completed the design of the proposed system. And it has implemented a smart phone app, the user authentication server. And using the state in which the push service from the authentication server by transmitting a message to a user to inform a family. But more must examine whether the proposed research is relevant in future studies.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2020.01a
• /
• pp.125-126
• /
• 2020

본 프로젝트는 고객과 택배기사가 배송과정에서 겪는 불편함을 해소하기 위해 App과 IoT센서를 연동하여 배송과정의 편의성을 제공하는 무인 택배함이다. 기존 택배함의 비밀번호를 사용하는 방식이 아닌 택배함에 부착되어있는 NFC 태그 스캔을 통하여 편리하게 물품을 배송 및 보관할 수 있도록 하였다. App은 택배기사와 고객으로 나뉘어 있으며 택배기사 App의 주요 기능은 운송장 번호를 스캔하여 물품을 보관할 여러 택배함 중 하나를 선택하여 해당 택배함의 도어락을 제어하는 기능이 있으며, 고객 App의 주요 기능은 NFC 스캔을 통해 물품이 보관된 택배함 또는 보관할 택배함을 선택하여 도어락을 제어하는 기능이 있다. 그 외에 택배기사 App은 배송 목록 조회, 내 정보 확인 등의 서비스를 제공하고 있으며, 고객 App은 택배 예약, 예약 조회 등의 서비스를 제공하고 있다. 택배함은 와이파이 모듈을 통해 서버와 통신할 수 있도록 하였으며, 충격센서와 Mp3 모듈을 사용하여 택배함에 충격을 가하면 경보음이 울리도록 설계하였다.

• Nuclear Engineering and Technology
• /
• v.52 no.1
• /
• pp.222-222
• /
• 2020

• Nuclear Engineering and Technology
• /
• v.51 no.7
• /
• pp.1791-1798
• /
• 2019

Instrumentation and Control (I&C) systems of nuclear power plants (NPPs) have been continuously digitalized. These systems have a critical role in the operation of nuclear facilities by functioning as the brain of NPPs. In recent years, as cyber security threats to NPP systems have increased, regulatory and policy-related organizations around the world, including the International Atomic Energy Agency (IAEA), Nuclear Regulatory Commission (NRC) and Korea Institute of Nuclear Nonproliferation and Control (KINAC), have emphasized the importance of nuclear cyber security by publishing cyber security guidelines and recommending cyber security requirements for NPP facilities. As described in NRC Regulatory Guide (Reg) 5.71 and KINAC RS015, challenge response authentication should be applied to the critical digital I&C system of NPPs to satisfy the cyber security requirements. There have been no cases in which the most robust response authentication technology like challenge response has been developed and applied to nuclear I&C systems. This paper presents a challenge response authentication mechanism for a Programmable Logic Controller (PLC) system used as a control system in the safety system of the Advanced Power Reactor (APR) 1400 NPP.