• Title/Summary/Keyword: Identity authentication


Development of Identity-Provider Discovery System leveraging Geolocation Information (위치정보 기반 식별정보제공자 탐색시스템의 개발)

  • Jo, Jinyong;Jang, Heejin;Kong, JongUk
    • Journal of the Korea Institute of Information and Communication Engineering / v.21 no.9 / pp.1777-1787 / 2017
  • Federated authentication (FA) is a multi-domain authentication and authorization infrastructure that enables users to access nationwide R&D resources with their home-organizational accounts. An FA-enabled user is redirected to his/her home organization, after selecting the home from an identity-provider (IdP) discovery service, to log in. The discovery service allows a user to search his/her home from all FA-enabled organizations. Users have trouble finding their home as federation size increases. Therefore, a discovery service has to provide an intuitive way to make a fast IdP selection. In this paper, we propose a discovery system which leverages geographical information. The proposed system calculates geographical proximity and text similarity between a user and organizations, which determines the order of organizations shown on the system. We also introduce a server redundancy and a status monitoring method for non-stop service provision and improved federation management. Finally, we deployed the proposed system in a real service environment and verified the feasibility of the system.

Proposal for a Peer Decentralized Identity System Using Short-Range Wireless Communications (단거리 무선 통신을 이용한 개인 간 분산 신원증명 시스템 제안)

  • Yeo, Kiho;Park, Keundug;Youm, Heung Youl
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.5 / pp.959-972 / 2021
  • Decentralized Identity is based on the concept of self-sovereign identity, in which holders manage and provide their own credentials. However, a procedure is required to obtain credentials from issuers, and there is a risk of mass personal information leaking due to negligence of the issuers. In this paper, we propose a peer decentralized identity system based on Peer DID technology that allows only participants to verify their identity in 1:1 or 1:N small groups by matching the holder with the issuer. It is directly connected to a mobile device using short-range wireless communications such as Bluetooth, and the holders create and provide their own credentials in person to the other party, thus fully realizing the self-sovereign identity. The proposed system can simplify the identification process, improve security and privacy, and reduce costs. Furthermore, an extended architecture is possible to connect the proposed system and the distributed ledger to identify users in other domains. In the future, based on various technologies, it is also necessary to expand research on identity systems that can be utilized for human-to-thing and things-to-things authentication.

An Anonymous Authentication in the Hierarchy for VANET (VANET 환경을 위한 계층적 구조의 익명 인증 기술)

  • Bae, Kyungjin;Lee, Youngkyung;Kim, Jonghyun;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.3 / pp.563-577 / 2018
  • In order to support secure communication in VANET (Vehicular Ad hoc Network), messages exchanged between vehicles or between vehicle and infrastructure must be authenticated. In this paper, we propose a hierarchical anonymous authentication system for VANET. The proposed system model reduces the overhead of PKG, which is a problem of the previous system, by generating private keys hierarchically, thereby enhancing practicality. We also propose a two-level hierarchical identity-based signature (TLHIBS) scheme without pairings to improve efficiency. The proposed scheme protects the privacy of the vehicle by satisfying conditional privacy and supports batch verification so that it efficiently verifies multiple signatures. Finally, the security of the proposed scheme is proved in the random oracle model by reducing the discrete logarithm problem (DLP), whereas the security proof of the previous ID-based signatures for VANET was incomplete.

Design of Blockchain Application based on Fingerprint Recognition Module for FIDO User Authentification in Shoppingmall (지문인식 모듈 기반의 FIDO 사용자 인증기술을 이용한 쇼핑몰에서 블록체인 활용 설계)

  • Kang, Min-goo
    • Journal of Internet Computing and Services / v.21 no.2 / pp.65-72 / 2020
  • In this paper, a USB module with fingerprint recognition was designed as a distributed node of blockchain on distributed ID (DID) for user identification. This biometric-linked fingerprint recognition device was verified for the real-time authentication process of authentication transactions with a FIDO (Fast IDentity Online) server. Blockchain DID-based services were proposed, such as a method of individual TV rating survey, a recommending service for customized shopping channels, and crypto-currency. This DID-based remote service can be improved by recognizing channel-changing information through personal identification. The proposed information of production purchase can be shared by blockchain, and customized service can be provided for the utilization of purchase history in a shopping mall using distributed ID. As a result, this blockchain node-device and Samsung S10 Key-store with FIDO service can be certified for additional transactions through various biometric authentication like fingerprint and face recognition.

Reflection-type Finger Vein Recognition for Mobile Applications

  • Zhang, Congcong;Liu, Zhi;Liu, Yi;Su, Fangqi;Chang, Jun;Zhou, Yiran;Zhao, Qijun
    • Journal of the Optical Society of Korea / v.19 no.5 / pp.467-476 / 2015
  • Finger vein recognition, which is a promising biometric method for identity authentication, has attracted significant attention. Considerable research focuses on transmission-type finger vein recognition, but this type of authentication is difficult to implement in mobile consumer devices. Therefore, reflection-type finger vein recognition should be developed. In the reflection-type vein recognition field, the majority of researchers concentrate on palm and palm dorsa patterns, and only a few pay attention to reflection-type finger vein recognition. Thus, this paper presents reflection-type finger vein recognition for biometric application that can be integrated into mobile consumer devices. A database is built to test the proposed algorithm. A novel method of region-of-interest localization for a finger vein image is introduced, and a scheme for effectively extracting finger vein features is proposed. Experiments demonstrate the feasibility of reflection-type finger vein recognition.

Analysis of Internet Identity Management 2.0 and Perspective of 3.0 (인터넷 신원 관리 2.0에 대한 분석과 3.0에 대한 전망)

  • Park, Seung-Chul
    • Journal of the Korea Institute of Information and Communication Engineering / v.15 no.7 / pp.1501-1509 / 2011
  • The current identity management 1.0 model, which is service provider-centric and isolated, has several problems such as low usability, high cost structure, difficulty in privacy protection, and lack of trust infrastructure. Though various SSO-based identity management 2.0 models including Passport/Live ID, Liberty Alliance/SAML, CardSpace, and OpenID have been recently developed in order to overcome those problems, they are not widely accepted in the real Internet environment so as to replace the existing identity management 1.0 model. This paper first analyzes the widely-known identity 2.0 models in a comparative way, and then presents a perspective on the development direction of the identity management 3.0 model for the future Internet.

A Study on Security Risk according to the activation of Bio-Authentication Technology (바이오 인증 기술의 활성화에 따른 보안 위험성에 관한 연구)

  • Jeon, Jeong Hoon
    • Convergence Security Journal / v.16 no.5 / pp.57-63 / 2016
  • In recent years, there has been growing interest in 'Fin-tech' in the domestic and international financial sector, and a variety of services have emerged in this situation. To ensure safety from hacking attacks, many new technologies have been developed. A leading technology among these is the bio-authentication method, which is being considered for application to the financial sector. Bio-authentication uses biometric information. It is also known that it can cope with the threat of fabrication and modification attacks when shared and stored. However, looking at the recent hacking incidents of biometric data (560 million cases) in the United States Office of Personnel Management and the advent of fingerprint counterfeiting technology, the safety of bio-certification should be reconsidered. In particular, response measures should be provided for the problem of embezzlement of biometric information that has already been leaked. Therefore, this paper, by investigating applied biometric technologies and practices and the vulnerability factors in many industries, is expected to be utilized in preparing threat countermeasures in accordance with the application of biometric authentication technology in the future.

An Efficient Password-based Authentication and Key Exchange Protocol for M-Commerce Users (M-Commerce 사용자를 위한 효율적인 패스워드 기반 인증 및 키교환 프로토콜)

  • Park Soo-Jin;Seo Seung-Hyun;Lee Sang-Ho
    • Journal of KIISE:Computer Systems and Theory / v.32 no.3 / pp.125-132 / 2005
  • Wireless access always has to include the authentication of communication partners and the encryption of communication data in order to use secure M-Commerce services. However, wireless systems have limitations compared with wired systems, so we need an efficient authentication and key exchange protocol considering these limitations. In this paper, we propose an efficient authentication and key exchange protocol for M-Commerce users using elliptic curve cryptosystems. The proposed protocol reduces the computational load of mobile users because the wireless service provider accomplishes some parts of the computations instead of the mobile user, and it uses password-based authentication in wireless links. Also, it guarantees the anonymity of the mobile user by not directly revealing the real identity of the user to the M-Commerce host, and preserves the confidentiality of communication data between the M-Commerce host and the user so that others, including the wireless service provider, do not learn the contents of communication between them.

A Study on Improvement of Personal Identity Proofing Service(PIPS) Based on Alternative Methods of Resident Registration Number (온라인에서 주민등록번호 대체수단 기반의 본인확인서비스의 개선 방안 연구)

  • Kim, Jongbae
    • Journal of Korea Society of Digital Industry and Information Management / v.15 no.2 / pp.29-42 / 2019
  • As online services become more and more popular due to the development of IT, non-face-to-face transactions are continuously increasing rather than face-to-face transactions. The personal identity proofing service (PIPS) based on the alternative method of the resident registration number is used for the purpose of confirming the identity of the other party on the Internet. However, in the case of the current PIPS, the personal information of the PIPS user is excessively provided to the online service provider. As a result, privacy problems of online users, shortage of choice of information providing options, and lack of differentiation of authentication methods are becoming problems. Therefore, this paper proposes a method to improve the PIPS based on the current resident registration number alternative method and to provide a method to differentiate the provision of excessive personal information. In the proposed method, we analyze trends and the current status of overseas online PIPS in order to provide a method of providing differentiation of personal information and propose an effective improvement method applicable domestically.

A Study on Strengthening Personal Information Sovereignty through Analysis of Domestic Service Cases and Research Projects of Self-Sovereign Identity Technology (자기주권신원기술의 국내 서비스 사례 및 연구 과제 분석을 통한 개인정보 주권 강화 방안연구)

  • Lee, Jeong-Hyeon;Kim, Ji-Won;Kim, Chul-Soo;Yang, Jin-hong
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.13 no.6 / pp.575-589 / 2020
  • Along with the exponential growth of data businesses, the importance of data containing personal information of use has also been increasing. Particularly, in Korea, as the Data 3 Act was implemented, companies can use personal information more actively through regulatory improvement and stipulation in case of using data containing personal information. In this situation, as per the service use, self-sovereign identity technology has emerged that can minimize the provision of personal information in relation to real name authentication and provision of personal information. Recently, services and studies using blockchain have been actively conducted in case of using the self-sovereign identity function for clarity and verification of records according to the use of personal information. In this thesis, by analyzing the characteristics of domestic self-sovereign identity services and the current status and contents of research related to blockchain-based self-sovereign identity technology, we suggest a research direction based on self-sovereign identity technology to reinforce the sovereignty of personal information in the era of the 3rd Data Act.