• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.25 no.4B
• /
• pp.700-707
• /
• 2000

In this paper, we address vulnerabilities of legacy VOD system and implement secure-VOD system to protect security holes of it. Our secure-VOD system provide user authentication using one-time password, message authentication and encryption/decryption for video server information. To improve security of existing fixed password system, our secure-VOD system use one-time password. Also, our secure-VOD system provides integrity for video server information by generating and verifying message authentication code using HMAC-HAS 160 algorithm. Finally, our secure-VOD system uses RC5 encryption algorithm to guarantee confidentiality for video server information.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2003.11a
• /
• pp.445-448
• /
• 2003

During a time when cellular systems are being deployed in massive scale worldwide, international roaming is becoming increasingly important. This paper presents UIM (User Identification Module) for mobility support, authentication, and service portability between different mobile systems. We also introduce network model based on PASM(Portable Authentication and Mobility Service Machine) which will support signaling protocol and user information conversions with database for roaming between different mobile networks. Stored data types and elements in UIM, logical data structure and configuration, and registration procedures are described here in the case of DCN (Digital CDMA (Code Division Multiple Access) Network System) and GSM (Global System for Mobile Communications).

• Journal of Internet Computing and Services
• /
• v.12 no.5
• /
• pp.39-46
• /
• 2011

The user authentication on the security applications is one of the most important process. Because character based password is commonly used for user authentication, it is most important to protect the keyboard. Due to the reason, several software solutions for keyboard security have been applied to critical sites. This paper introduces vulnerabilities to the commonly used USB keyboard, implements a sample code using the vulnerabilities and evaluates the possibility for the keyboard data to be stolen in the guarded environment. Through the comparison of the result, a countermeasure to the vulnerabilities is proposed.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.836-839
• /
• 2011

최근 개인정보보호에 대한 인식이 높아지면서 기업뿐만 아니라 국가적 차원에서도 많은 노력을 하고 있다. 하지만 이러한 현실 속에서도 운송업계는 고객에 대한 개인정보 관리가 매우 미흡 하다. 특히 운송장을 통한 개인정보 노출은 심각한 수준이며, 노출된 개인정보는 보이스 피싱, 택배 기사를 사칭한 강도, 물품 가로채기와 같은 범죄로 이어지고 있다. 따라서 본 논문에서는 운송장 정보를 키 교환방식으로 암호화한 바코드 운송장을 제안하고, 개인정보 노출로부터 안전한 배송 서비스 모델을 제시한다.

• Review of KIISC
• /
• v.3 no.4
• /
• pp.27-37
• /
• 1993

본 연구에서는 기존의 메세지 인증방식인 MAC(Message Aunthentication Code)와 MDC(Manipulation Detection Code)에 대한 제 3자의 적극적인 공격(active attack)하에서의 구조직인 취약점을 분석하고, 이를 보완하는 새로운 인증 방식을 제안하고 검증하였다. 새로운 메세지 인증방식은 기존의 방식과는 다르레 제3자의 공격을 받은 메세지 블럭을 바로 검출할 수 있다는 장점을 가지고 있기 때문에 통신 시스템 상에서 불필요한 메세지의 재전송을 줄일 수 있다는 측면에서 효율적인 인증 방식이다.

• Journal of Internet Computing and Services
• /
• v.21 no.4
• /
• pp.25-34
• /
• 2020

In the current medical information system, a system environment is constructed in which Biometric data generated by using IoT or medical equipment connected to a patient can be stored in a medical information server and monitored at the same time. Also, the patient's biometric data, medical information, and personal information after simple authentication using only the ID / PW via the mobile terminal of the medical staff are easily accessible. However, the method of accessing these medical information needs to be improved in the dimension of protecting patient's personal information, and provides a quick authentication system for first aid. In this paper, we implemented an automatic authentication system based on the patient's situation and evaluated its performance. Patient's situation was graded into normal and emergency situation, and the situation of the patient was determined in real time using incoming patient biometric data from the ward. If the patient's situation is an emergency, an emergency message including an emergency code is send to the mobile terminal of the medical staff, and they attempted automatic authentication to access the upper medical information of the patient. Automatic authentication is a combination of user authentication(ID/PW, emergency code) and mobile terminal authentication(medical staff's role, working hours, work location). After user authentication, mobile terminal authentication is proceeded automatically without additional intervention by medical staff. After completing all authentications, medical staffs get authorization according to the role of medical staffs and patient's situations, and can access to the patient's graded medical information and personal information through the mobile terminal. We protected the patient's medical information through limited medical information access by the medical staff according to the patient's situation, and provided an automatic authentication without additional intervention in an emergency situation. We performed performance evaluation to verify the performance of the implemented automatic authentication system.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.3
• /
• pp.121-129
• /
• 2010

For the development of software industry, offers an expanded software authentication scheme caused by the unauthorized copying of software is to reduce the damage to software developers, retail sales and to promote the development of the software industry was studied. Serial Number of the current software registration is conducted in such a simple verification procedure if the Serial Number only illegal and can be installed on multiple computers, such as program code to allow third parties to enter the Serial Number, or the extract can be used without is a reality. The proposed extension to the software authentication system when you install the software, my phone authentication and MAC Address Authentication Service introduced to distinguish normal user, the user of the MAC Address of the server and software development company that was sent to the registered MAC Address of the computer to be run only by the use of genuine software and to make unauthorized copies of software generated by the software developer can reduce the damage of the proposed plan.

• Convergence Security Journal
• /
• v.15 no.3_1
• /
• pp.83-90
• /
• 2015

Current PKI system will confront more dangerous elements in the wireless network. Accordingly, this study suggests a plan to strengthen authentication system plan with using access control and encryption to the location. Locational information collecting devices such as GPS and sensor are utilized to create a new key for authentication and collect locational information. Such a key encodes data and creates an authentication code for are access control. By using the method suggested by this study, it is possible to control access of a military secret from unauthorized place and to protect unauthorized user with unproposed technique. In addition, this technique enables access control by stage with utilizing the existing PKI system more wisely.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.1180-1200
• /
• 2017

Currently, automated payment services provide intuitive user interfaces by adapting various wireless communication devices with mobile services. For example, companies like Samsung, Google, and Apple have selected the NFC payment method to service payments of existing credit cards. An electronic payment standard has been released for NFC activation within Korea and will strengthen the safety of payment service communications. However, there are various security risks regarding the NFC-based electronic payment method. In particular, the NFC payment service using the recently released lightweight devices cannot provide the cryptographic strength that is supported by many financial transaction services. This is largely due to its computational complexity and large storage resource requirements. The chaotic map introduced in this study can generate a highly complicated code as it is sensitive to the initial conditions. As the lightweight study using the chaotic map has been actively carried out in recent years, associated authentication techniques of the lightweight environment have been released. If applied with a chaotic map, a high level of cryptographic strength can be achieved that can provide more functions than simple XOR operations or HASH functions. Further, this technique can be used by financial transaction services. This study proposes a mutual authentication technique for NFC-PCM to support an NFC payment service environment based on the chaotic map.

• Smart Media Journal
• /
• v.5 no.2
• /
• pp.77-83
• /
• 2016

Today, the great revolution in all financial industrial such as bank have been progressing through the utilization of IT technology actively, it is called the fintech. In this paper, we draw the draft design of NFC-based electronic payment and coupon system using FIDO framework to apply the 2 factor authentication technique for strength security. In detailed, we will study that the terminal device in front-end will be applied the 2 factor authentication and electric signature, and cloud-based payment gateway in back-end will be applied malicious code detection technique of distributed avoidance type.