• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.377-384
• /
• 2013

In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.6
• /
• pp.492-500
• /
• 2013

The One-Time Password(OTP) Generator is used as a multi-factor authentication method to ensure secure transaction during e-Financial transaction in the bank and securities company. The OTP based e-Financial Transaction Verification Protocol ensures secure e-financial transaction through confirming the user's identity using OTP authentication information and counters not only Man-in-the-Browser(MITB) attacks but also memory hacking attacks. However, it is possible to generate correct OTPs due to potential of stealing sensitive information of the OTP generator through intelligent phishing, pharming, social engineering attacks. Therefore, it needs another scheme to prevent from above threats, and this paper proposes advanced scheme using Physical Unclonable Functions(PUFs) to solve these problems. First, it is impossible to generate the same OTP values because of the hysically unclonable features of PUFs. In addition, it is impossible to clone OTP generator with hardware techniques. Consequently, the proposed protocol provides stronger and more robust authentication protocol than existing one by adding PUFs in the OTP generator.

• Journal of the Korea Convergence Society
• /
• v.1 no.1
• /
• pp.93-100
• /
• 2010

Diverse kind of attack using the vulnerability of user authentication on Internet service is announced recently. Especially, security accidents on the Internet banking service and Internet telephony service(SIP) are increased rapidly. Attack skills are also evolved into intelligent mechanism. Therefore, more enhanced authentication mechanism is required on existing Internet banking and telephone services for preventing those kinds of attacks using personal identity information such as biometric data. In this research, the proposed B-OTP mechanism can be used to enhance security on a user authentication procedure by combining biometric data with existing OTP mechanism. As a result, the security on internet banking and Internet telephone service will be more improved by using proposed B-OTP mechanism.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.1
• /
• pp.64-71
• /
• 2020

eFuse OTP memory IP is required to trim the analog circuit of the gate driving chip of the power semiconductor device. Conventional NMOS diode-type eFuse OTP memory cells have a small cell size, but require one more deep N-well (DNW) mask. In this paper, we propose a small PMOS-diode type eFuse OTP memory cell without the need for additional processing in the CMOS process. The proposed PMOS-diode type eFuse OTP memory cell is composed of a PMOS transistor formed in the N-WELL and an eFuse link, which is a memory element and uses a pn junction diode parasitic in the PMOS transistor. A core driving circuit for driving the array of PMOS diode-type eFuse memory cells is proposed, and the SPICE simulation results show that the proposed core circuit can be used to sense post-program resistance of 61㏀. The layout sizes of PMOS-diode type eFuse OTP memory cell and 512b eFuse OTP memory IP designed using 0.13㎛ BCD process are 3.475㎛ × 4.21㎛ (= 14.62975㎛2) and 119.315㎛ × 341.95㎛ (= 0.0408mm2), respectively. After testing at the wafer level, it was confirmed that it was normally programmed.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1899-1904
• /
• 2017

This paper presents a new one-time password approach generated based on $4{\times}4$ pattern schedule. It demonstrates generation of passkey from initial seed of random codes and mapping out in table pattern schedule which will produce a new form of OTP scheme in protecting information or data. The OTP-2FA has been recognized by many organizations as a landmark to authentication techniques. OTP is the solution to the shortcomings of the traditional user name/password authentication. With the application of OTP, some have benefited already while others have had second thoughts because of some considerations like cryptographic issue. This paper presents a new method of algorithmic approach based on table schedule (grid authentication). The generation of OTP will be based on the random parameters that will be mapped out in rows and columns allowing the user to form the XY values to get the appropriate values. The algorithm will capture the values and extract the predefined characters that produce the OTP codes. This scheme can work in any information verification system to enhance the security, trust and confidence of the user.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.4
• /
• pp.207-215
• /
• 2014

Password based authentication systems are most widely used for user convenience in web services. However such authentication systems are known to be vulnerable to various attacks such as password guessing attack, dictionary attack and key logging attack. Besides, many of the web systems just provide user authentication in a one-way fashion such that web clients cannot verify the authenticity of the web server to which they set access and give passwords. Therefore, it is too difficult to protect against DNS spoofing, phishing and pharming attacks. To cope with the security threats, web system adopts several enhanced schemes utilizing one time password (OTP) or long and strong passwords including special characters. However there are still practical issues. Users are required to buy OTP devices and strong passwords are less convenient to use. Above all, one-way authentication schemes generate several vulnerabilities. To solve the problems, we propose a multi-channel, multi-factor authentication scheme by utilizing QR-Code. The proposed scheme supports both user and server authentications mutually, thereby protecting against attacks such as phishing and pharming attacks. Also, the proposed scheme makes use of a portable smart device as a OTP generator so that the system is convenient and secure against traditional password attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.8B
• /
• pp.939-946
• /
• 2011

The Internet banking service provides convenience than the traditional offline services. However, it still causes a number of security problems including hacking. In order to strengthen security, the financial institutions have provided such authentication methods as the official authentication certificate, the security token, the security card and OTP. However, the incidents related to hacking have continuously occurred. Especially, various weak points have been suggested for the authentication methods in regard to such types of hacking as the memory hacking or the MITM attack. So I needed was a new authentication method. In this study, the two-channel authentication method which provide two-way authentication on the user's PC and mobile device when executing the electronic financial transactions in the Internet banking environment is suggested. Also, by analyzing it in comparison with other existing methods, it is possible to check that the prospects of safety and credibility are strengthened.

• Proceedings of the Korean Society of Precision Engineering Conference
• /
• 2013.05a
• /
• pp.1259-1260
• /
• 2013

• Electronics and Telecommunications Trends
• /
• v.15 no.3 s.63
• /
• pp.1-9
• /
• 2000

XML은 인터넷과 e-비즈니스를 위한 새로운 언어 구조이다. XML이 갖는 장점을 전자상거래에 이용하기 위해 다양한 XML 기반 전자상거래 프로토콜들이 생겨났고, 전자상거래의 보급 속도와 비례하여 XML의 보급률도 증가하고 있는 실정이다. XML 사용 빈도수가 증가하고 XML 기반 전자상거래 프로토콜들이 급증하고 있는 현재 추세에 따라 여러 단체나 회사들은 XML 기반 어플리케이션 표준과 전자상거래 환경 사이의 상호운용성을 위한 프레임워크 개발에 박차를 가하고 있다. 이에 본 논문에서는 CommerceNet의 eCo, CommerceOne의 CBL, OASIS와 UN/CEFACT의 ebXML, OTP 컨소시엄의 OTP, RosettaNet, OMS Service Ltd.의 EDML, cXML 등 XML과 관련하여 각 전자상거래 단체나 회사들이 추진중인 표준화 동향을 살펴보았다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.7B
• /
• pp.1043-1049
• /
• 2010

E-document deposit and issue service among other services is critical service in CEDA(Certified E-Document Deposit Authority) that assure reliability and stability of E-document. After owner's E-document is registered in CEDA, issuing partial information(a part of page) is to prevent exposure of superfluous information when owner issue E-document to 3rd party. Also we suggested that is able to verify validation of E-document as validation check module is inserted suggested system.