• Title/Summary/Keyword: Authentication Factors

Search Result 103, Processing Time 0.021 seconds

Design and implementation of smart card-based multi-authentication mechanism for digital contents delivery (디지털콘텐츠 유통을 위한 스마트카드기반의 다중인증처리방법설계 및 구현)

  • Kim, Yong;Lee, Tae-Young
    • Journal of the Korean Society for information Management
    • /
    • v.19 no.1
    • /
    • pp.23-46
    • /
    • 2002
  • With explosively increasing digital contents, library and Information center should have a new role between knowledge providers and knowledge users as information brokering organization. Electronic transaction system should be required for performing this brokering service since economic value is added to information and knowledge in information society. The developments and changes around library are keeping up with increasing building digital library and digitalizing printed sources. With the rapidly changing circumstances, the Internet is currently witnessing an explosive growth. By serving as a virtual information resource. the Internet can dramatically change the way business is conducted and Information is provided. However because of features o( the Internet like openness and information sharing, it has fundamental vulnerabilities in security issues. For Instance, disclosure of private information and line eavesdropping such as password, banking account, transaction data on network and so on are primary obstruction factors to activation of digital contents delivery on network. For high network security and authentication, this paper looks at smart card technologies and proposes multi-authentication protocol based on smart card on open network, implements and analyzes it.

Secure Mutual Authentication Protocol for RFID System without Online Back-End-Database (온라인 백-엔드-데이터베이스가 없는 안전한 RFID 상호 인증 프로토콜)

  • Won, Tae-Youn;Yu, Young-Jun;Chun, Ji-Young;Byun, Jin-Wook;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.1
    • /
    • pp.63-72
    • /
    • 2010
  • RFID is one of useful identification technology in ubiquitous environments which can be a replacement of bar code. RFID is basically consisted of tag, reader, which is for perception of the tag, and back-end-database for saving the information of tags. Although the usage of mobile readers in cellular phone or PDA increases, related studies are not enough to be secure for practical environments. There are many factors for using mobile leaders, instead of static leaders. In mobile reader environments, before constructing the secure protocol, we must consider these problems: 1) easy to lose the mobile reader 2) hard to keep the connection with back-end-database because of communication obstacle, the limitation of communication range, and so on. To find the solution against those problems, Han et al. suggest RFID mutual authentication protocol without back-end-database environment. However Han et al.'s protocol is able to be traced tag location by using eavesdropping, spoofing, and replay attack. Passive tag based on low cost is required lots of communication unsuitably. Hence, we analyze some vulnerabilities of Han et al.'s protocol and suggest RFID mutual authentication protocol without online back-end-database in aspect of efficiency and security.

A Study on the Intention to Use Biometric Authentication When Using Mobile Easy Payment Service: Focusing on the Comparison of Experienced and Non-Experienced Persons (모바일 간편결제 서비스 이용 시 생체인증 사용의도에 관한 연구: 경험자와 비경험자 비교를 중심으로)

  • Jae-Seung Ju;Won-Boo Lee
    • Information Systems Review
    • /
    • v.23 no.4
    • /
    • pp.1-22
    • /
    • 2021
  • In the newly encountered economy caused by the Corona virus Disease-19, remote transaction becomes a new normal that disrupt traditional economic order. In the middle of the disruption, mobile tech is placed and remote finance on mobile is highly noticed and considered as an infra-tech to support the new ecology, In mobile finance. remote payment is becoming the most common service and personal identification on it is critical to operate the new service. There are various means of remotely identifying a person. Recently the use of biometric information is increasing. In this study, a correlation analysis was conducted on factors that effects to biometrics usage and the intention to use in remote personal identification. Variables for critical factor in the remote identification were classified into 4 groups such as Performance expectancy, Effort expectancy, Social influence, and Security. The empirical analysis based on the Unified Theory of Acceptance and Use of Technology (UTAUT) was conducted. The relationship between variables and the intention to use is also analyzed. In the study, stepwise regression analysis was conducted four times in which variables were adjusted in individual stage. As a result, the analysis suggests that performance expectancy, effort expectancy, social influence, security have positive effects for intention to use. Additionally, effort expectancy and security have moderating effects to intention to use depends on biometric authentication experience. The analysis has shown positive effect of variables grouped on the intention to use them. It also suggests that the intention to use biometric authentication will quickly grow. This study is expected to make a contribution to utilize and improve the use of biometric information in mobile payment.

Behavioural Analysis of Password Authentication and Countermeasure to Phishing Attacks - from User Experience and HCI Perspectives (사용자의 패스워드 인증 행위 분석 및 피싱 공격시 대응방안 - 사용자 경험 및 HCI의 관점에서)

  • Ryu, Hong Ryeol;Hong, Moses;Kwon, Taekyoung
    • Journal of Internet Computing and Services
    • /
    • v.15 no.3
    • /
    • pp.79-90
    • /
    • 2014
  • User authentication based on ID and PW has been widely used. As the Internet has become a growing part of people' lives, input times of ID/PW have been increased for a variety of services. People have already learned enough to perform the authentication procedure and have entered ID/PW while ones are unconscious. This is referred to as the adaptive unconscious, a set of mental processes incoming information and producing judgements and behaviors without our conscious awareness and within a second. Most people have joined up for various websites with a small number of IDs/PWs, because they relied on their memory for managing IDs/PWs. Human memory decays with the passing of time and knowledges in human memory tend to interfere with each other. For that reason, there is the potential for people to enter an invalid ID/PW. Therefore, these characteristics above mentioned regarding of user authentication with ID/PW can lead to human vulnerabilities: people use a few PWs for various websites, manage IDs/PWs depending on their memory, and enter ID/PW unconsciously. Based on the vulnerability of human factors, a variety of information leakage attacks such as phishing and pharming attacks have been increasing exponentially. In the past, information leakage attacks exploited vulnerabilities of hardware, operating system, software and so on. However, most of current attacks tend to exploit the vulnerabilities of the human factors. These attacks based on the vulnerability of the human factor are called social-engineering attacks. Recently, malicious social-engineering technique such as phishing and pharming attacks is one of the biggest security problems. Phishing is an attack of attempting to obtain valuable information such as ID/PW and pharming is an attack intended to steal personal data by redirecting a website's traffic to a fraudulent copy of a legitimate website. Screens of fraudulent copies used for both phishing and pharming attacks are almost identical to those of legitimate websites, and even the pharming can include the deceptive URL address. Therefore, without the supports of prevention and detection techniques such as vaccines and reputation system, it is difficult for users to determine intuitively whether the site is the phishing and pharming sites or legitimate site. The previous researches in terms of phishing and pharming attacks have mainly studied on technical solutions. In this paper, we focus on human behaviour when users are confronted by phishing and pharming attacks without knowing them. We conducted an attack experiment in order to find out how many IDs/PWs are leaked from pharming and phishing attack. We firstly configured the experimental settings in the same condition of phishing and pharming attacks and build a phishing site for the experiment. We then recruited 64 voluntary participants and asked them to log in our experimental site. For each participant, we conducted a questionnaire survey with regard to the experiment. Through the attack experiment and survey, we observed whether their password are leaked out when logging in the experimental phishing site, and how many different passwords are leaked among the total number of passwords of each participant. Consequently, we found out that most participants unconsciously logged in the site and the ID/PW management dependent on human memory caused the leakage of multiple passwords. The user should actively utilize repudiation systems and the service provider with online site should support prevention techniques that the user can intuitively determined whether the site is phishing.

Comparative Analysis of ViSCa Platform-based Mobile Payment Service with other Cases (스마트카드 가상화(ViSCa) 플랫폼 기반 모바일 결제 서비스 제안 및 타 사례와의 비교분석)

  • Lee, June-Yeop;Lee, Kyoung-Jun
    • Journal of Intelligence and Information Systems
    • /
    • v.20 no.2
    • /
    • pp.163-178
    • /
    • 2014
  • Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

An Analysis of Environment-friendly Foods Purchase Behavior and Possibility on Entering Chinese Market on the consumers of Shanghai, China (친환경식품의 구매행태 및 중국진출 가능성 분석 - 중국 상하이의 소비자를 중심으로 -)

  • Ro, Chae-Yeong;Cho, Kook-Il;Ahn, Pyong-Ryol
    • Korean Journal of Organic Agriculture
    • /
    • v.16 no.3
    • /
    • pp.259-274
    • /
    • 2008
  • This study was designed to analyze the possibility to enter the Chinese market aggressively by giving light on the factors which have effects on the continuous intention of Shanghai consumers to purchase environment-friendly foods, and the purchase of Korean environment-friendly foods. The objects of analysis were the 209 consumers living in Shanghai, China. As for the analysis method, the frequency, percentage, crossing analysis, $X^2$-test and logistic regression analysis were carried out, making use of SPSS PC+ 13.0. The study results are as follows. Firstly, it was identified that the decisive factors, such as good taste, health of family, freshness, food shop in a department store, international quality authentication, diversity of items and number of family members, had effects on the possibility that the consumers in Shanghai, China would purchase environment friendly foods continuously, showing the meaningful variables. Secondly, as for the decisive factors having effects on the possibility to buy Korean environment friendly foods continuously, it was identified that good taste, health of family, freshness and price cutting were the meaningful variables. Therefore, it is necessary that to set up a export promotion strategy to make the Shanghai consumers get interested in Korean environment-friendly foods and choose to buy the foods.

  • PDF

Security Enhancement of Public Organization Members Based on the Protection Motivation Theory (보호동기이론에 기반한 조직구성원의 보안강화 : 보안정책에 대한 신뢰와 보안스트레스의 매개효과를 중심으로)

  • Choi, Heeyoung;Kang, Juyoung
    • Journal of Information Technology Services
    • /
    • v.19 no.6
    • /
    • pp.83-95
    • /
    • 2020
  • "I think security is only trying to make it uncomfortable." "10% of my work is entering IDs and passwords, such as boot passwords, mobile phone authentication numbers, etc." As reflected in the complaint above, stress caused by information security among organizations' members is increasing. In order to strengthen information security, practical solutions to reduce stress are needed because the motivation of the members is needed in order for organizations to function properly. Therefore, this study attempts to suggest key factors that can enhance security while reducing information security stress among members of organizations. To this end, based on the theory of protection motivation, trust and security stress from information security policies are set as mediating factors to explain changes in security reinforcement behavior. Furthermore, risk, efficacy, and reaction costs of cyberattacks are considered as prerequisites. Our study suggests a solution to the security reinforcement problem by analyzing the factors that influence the behavior of members of organizations. In turn, this can raise protection motivation among members.

A Study on Decision Making for Blockchain-based IT Platform Selection for Security Token (블록체인 기반의 토큰 증권 IT 플랫폼 선택을 위한 의사결정 연구)

  • Soo-oh Yang;Byung Wan Suh
    • Journal of Platform Technology
    • /
    • v.11 no.5
    • /
    • pp.37-48
    • /
    • 2023
  • Since the announcement of the Financial Services Commission's 'Token Securities Issuance and Distribution System Improvement Plan' in February 2023, financial institutions, securities firms, and blockchain companies have been actively considering implementing IT platforms, but they are facing difficulties in selecting IT platforms for token securities because related legal regulations have not yet been clearly established. As a result, the need for rational and systematic criteria for the selection of blockchain-based token securities IT platforms has emerged, and this study explores and evaluates the key factors of token securities IT platform selection. Four factors were identified as the top-level factors, including 'maturity of the platform', 'operation and management of the platform', 'cost of introducing and maintaining the platform', and 'regulatory compliance for token securities', and 17 factors were identified as sub-level factors, including 'diversity', 'user authentication management', 'Adoption Costs', and 'financial regulations'. Among the 17 sub-factors, 'government financial regulation' and 'personal information protection' are selected as important factors, and the results of this study can help related organizations and financial companies make strategic decisions by providing systematic decision-making criteria for selecting token securities IT platforms.

  • PDF

Factors Influencing the Investor's Decision Making: The Moderating Role of Locus of Control

  • KAMRAN, Hafiz Waqas;QAISAR, Abthal;SULTANA, Nayyer;NAWAZ, Muhammad Atif;AHMAD, Hafiz Tanveer
    • The Journal of Asian Finance, Economics and Business
    • /
    • v.7 no.12
    • /
    • pp.535-543
    • /
    • 2020
  • Investors from the whole world are looking for those stock markets that are less affected by interest rates. Pakistan is a good place to invest and the investors from the whole world are considering Pakistan for future ventures. The current study, therefore, aims to analyze the factors affecting investors' decision making in Pakistan with the interaction effect of locus of control. The primary data are gathered from 300 respondents. Structural equation modelling (SEM-PLS) is used to analyze the interactions among variables. The study finds positive impact of availability and representative biases on investment decision making. The study could not find any moderating role of locus of control. The results imply that decisions made by Pakistani investors are driven by the most easily or currently available information and they trust on the information obtained from family and friends without any authentication and verification. One possible description of insignificant moderation effect of locus of control can be the sample traits used in the study, e.g., personal characteristics, that change from culture to culture. Another description of these findings may be the association between heuristic biases, including availability, representative and psychological biases and decision-making regarding investment is not personality specific.

Design and Implementation of a Copyright Protection System base on the Program on-line Registration System (프로그램 온라인 등록 시스템기반의 저작권 보호시스템 설계 및 구현)

  • Jang Jae-Hyeok;Lee Jong-Sup;Choi Yong-Rak
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.2 s.40
    • /
    • pp.275-283
    • /
    • 2006
  • Writers enroll their outcome to Program Deliberation & Mediation Committee and get the copyright preserved for the protection of IPR. The program registration is conducted through off-line and on-line methods, and especially on-line registration provides program registrants convenience along with the safety of property from external copyright invaders. However, it is a shortcoming that the integrity and confidentiality of the enrolled program cannot be guaranteed in case of internal factors such as system errors, administrator's illegal access and revision. This paper proposes the reliable system, ensuring programs and offering convenience of Digital signature management from the system errors and intruding factors by internal administrator, using the security of confidentiality, integrity and Multi-Signature Scheme for program.

  • PDF