• Journal of Korea Multimedia Society
• /
• v.14 no.8
• /
• pp.1029-1040
• /
• 2011

Electronic identity (e-ID) card based on smartcard is a representative identity credential for on-line and off-line personal identification. The e-ID card can store the personal identity information securely, so that the information can be accessed fast, automated identity verification and used to determine the cardholder's authorization to access protected resources. Due to such features of an e-ID card, the number of government organizations and corporate enterprises that consider using e-ID card for identity management is increasing. In this paper, we present an authentication framework for access control system using e-ID cards by discussing the threat environment and security requirement against e-ID card. Specifically, to accomplish our purpose, we consider the Personal Identity Verification system as our target model.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.3
• /
• pp.53-64
• /
• 2017

Korean Identification card or driver license is usually used to verify one's identity in Korea. These are also used as an adult certification. Since the form of these ID card is an analog and it needs to be checked with naked eyes, it might be used maliciously. Someone who's got someone else's ID card can do other things. Therefore, it must be reported rapidly when ID card is lost or stolen. The most serious problem might be occurred when they do not recognize and report the loss. They might suffer from pecuniary or mental damage such as opening a mobile phone service, providing loan or credit card, opening a personal checking account, etc. Thus, this study suggests and compares the ways of avoiding these problems. First, the most effective way is to send the authorization code via mobile phones in consideration of build-up period and cost. The person in charge of business processing department using ID card sends the authorization code via registered mobile phone. The owners submits it to the person and their identifications are confirmed. Next effective way is that the person in charge of business processing department using ID card sends text messages via registered mobile phone. Lastly, the most ineffective way is to introduce and implement the electronic ID card ultimately even though it is expensive and takes a long time to build up the system.

• Journal of Digital Convergence
• /
• v.18 no.11
• /
• pp.477-483
• /
• 2020

Credit cards are becoming an important marketing tool that reveals brand identity beyond payment methods. The purpose of this study is to suggest an effective design strategy plan by analyzing credit card design case that provided a positive brand experience among the cases of implementing the brand identity of a domestic credit card. The design of a representative credit card brand in Korea was analyzed according to Schmidt's experience type. As a result of analysis, when designing a credit card, it maximizes the visual effect with colors suitable for each theme, presents a multi-faceted experience that stimulates the five senses of the consumer, and provides an active brand experience that can reminisce the benefits of a credit card. It was found to be effective in revealing the brand identity. This study is meaningful in that local credit card companies offer design directions that can positively imprint brands on consumers through credit card designs.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.7
• /
• pp.1501-1509
• /
• 2011

Current identity management 1.0 model, which is service provider-centric and isolated, has several problems such as low usability, high cost structure, difficulty in privacy protection, and lack of trust infrastructure. Though various SSO-based identity management 2.0 models including Passport/Live ID, Liberty Alliance/SAML, CardSpace, and OpenID have been recently developed in order to overcome those problems, they are not widely accepted in real Internet environment so as to replace the existing identity management 1.0 model. This paper firstly analyzes the widely-known identity 2.0 models in a comparative way, and then presents a perspective on the development direction of identity management 3.0 model for future Internet.

• Asia Marketing Journal
• /
• v.14 no.3
• /
• pp.153-167
• /
• 2012

KB Kookmin Card has separated as an independent corporation from KB Kookmin Bank Credit Card Business Group on March, 2011. Ever since, KB Kookmin Card worked to build its own brand identity. The strategic preparation and conscientious implementations made KB Kookmin Card position in consumer's mind with a strong and unique brand image. Its new brand image was rooted in the inherited strengths of reliable and sincere image. However, it faced the challenge to compete in credit card industry in which most competitors had an advanced and sophisticated image. The strengths of KB Kookmin Card were also at the same time their limitations. KB Kookmin Card took a strategy that strengthened the strengths and improved the weaknesses. It focused on the core competence of being a people's sincere life supporter that helps people make savings from everyday events to make a good sum rather than being a lump sum benefit. The brand introduction strategy was implemented in 2011. The implementation focused on the activities that made internal as well as external customers be aware of the brand. Communication programs using a variety of media were executed to attain this goal. In 2012, second phase communication programs were introduced to elaborate the newly established brand image. It introduced many extended products as well as accessory programs which targeted the segments. Also, various CSR activities in many social domains helped consumers and the public to consider KB Kookmin Card an authentic, caring, trustworthy, and consistently-developing supporter in their everyday lives.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.1
• /
• pp.119-131
• /
• 2013

With the explosive growth of computer networks, many remote service providing servers and multi-server network architecture are provided and it is extremely inconvenient for users to remember numerous different identities and passwords. Therefore, it is important to provide a mechanism for a remote user to use single identity and password to access multi-server network architecture without repetitive registration and various multi-server authentication schemes have been proposed in recent years. Recently, Tsaur et al. proposed an efficient and secure smart card based user authentication and key agreement scheme for multi-server environments. They claimed that their scheme satisfies all of the requirements needed for achieving secure password authentication in multi-server environments and gives the formal proof on the execution of the proposed authenticated key agreement scheme. However, we find that Tsaur et al.'s scheme is still vulnerable to impersonation attack and many logged-in users' attack. We propose an extended scheme that not only removes the aforementioned weaknesses on their scheme but also achieves user anonymity for hiding login user's real identity. Compared with other previous related schemes, our proposed scheme keeps the efficiency and security and is more suitable for the practical applications.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.11 no.1
• /
• pp.59-67
• /
• 2015

A novel authentication mechanism is biometric authentication where users are identified by their measurable human characteristics, such as fingerprint, voiceprint, and iris scan. The technology of biometrics is becoming a popular method for engineers to design a more secure user authentication scheme. In terms of physiological and behavioral human characteristics, biometrics is used as a form of identity access management and access control, and it services to identity individuals in groups that are under surveillance. In this article, we review the biometric-based authentication protocol by Althobati et al. and provide a security analysis on the scheme. Our analysis shows that Althobati et al.'s scheme does not guarantee server-to-user authentication. The contribution of the current work is to demonstrate this by mounting threat of data integrity and bypassing the gateway node on Althobati et al.'s scheme. In addition, we analysis the security vulnerabilities of Althobati et al.'s protocol.

• Journal of Broadcast Engineering
• /
• v.13 no.4
• /
• pp.528-543
• /
• 2008

Internet Protocol Television (IPTV) provides an interactive and personalized service for realizing integrated broadcasting and telecommunication services. Set-top box (SIB) connected to TV is an essential component required for IPTV and has a unique hardware identifier used in identification and authentication. It means that subscriber authentication based on box-level identification is inconsistent with IPTV's main intention of providing personalized services. The proposed solution is to provide an opportunity to use the flexible user-centric authentication mechanism through Java Card applets in IPTV application server and 3G networks. This paper suggests personalized services by moving the user's private data and authentication management beyond the STB to a truly personalized device, the ubiquitous mobile phone. In addition, this paper presents effectiveness and security analysis for verifying the proposal.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.139-144
• /
• 2007

Due to the increasing use of Internet and spread of ubiquitous environment the security of private information became an important issue. For this reason, many suggestions have been made in order to protect the privacy of users. In the study of authentication system using a smart card which is one of the methods for protecting private information, the main idea is to offer user anonymity. In 2004, Das et al. suggested an authentication system that guarantees anonymity by using a dynamic ID for the first time. However, this scheme couldn't guarantee complete anonymity as the identity of the user became revealed at log-in phase. In 2005, Chien at al. suggested a authentication system that guarantees anonymity, but this was only safe to the outsider(attacker). In this paper, we propose a scheme that enables the mutual authentication between the user and the sewer by using a smart card. For the protection of the user privacy, we suggest an efficient user authentication system that guarantees perfect anonymity to both the outsider and remote server.

• Electronics and Telecommunications Trends
• /
• v.22 no.3 s.105
• /
• pp.136-143
• /
• 2007

인터넷의 확산과 웹 2.0 환경의 도래에 따라, 사용자가 관리해야 하는 디지털 형태의ID 정보가 기하 급수적으로 증가하고 있다. 이것은 사용자의 ID 관리 부담, 동일한 패스워드의 반복적인 사용으로 인한 보안성 저하, ID 정보의 유출에 의한 사용자 프라이버시 침해 문제 등을 발생시키고 있다. 따라서 사용자를 인증하고, 사용자의 ID 정보를 관리해주는 ID 관리 시스템이 매우 중요해지고 있다. 본 고에서는 인터넷 규모의 온라인 서비스를 대상으로 사용자를 인증하고 사용자의 ID 정보를 관리하는 대표적인 ID관리 시스템인 SAML, CardSpace, Open ID를 살펴 보고, 이들 시스템의 특징을 비교 분석한다.