• Journal of Digital Convergence
• /
• v.10 no.2
• /
• pp.183-191
• /
• 2012

This study proposes dual certification model using both what users know and what users own. In detail, this mobile OTP generation model is made up of mobile OTP generation and extraction algorithm satisfying the conditions for reviewing mobile OTP implementation. In order to improve the security of the existing OTP-based systems, the suggested method utilizes user's ID and random number at the mobile OTP generation stage.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.6C
• /
• pp.497-501
• /
• 2012

While increasing online services with developing e-businesses, finance, game companies and others have employed OTP(One-Time Password) to overcome vulnerabilities of static passwords. Existing OTP technology has inconvenience that customers always possess reserved token since requiring the token to generate OTP. In order to supplement the issue we propose mobile OTP generated by mobile devices such as smart phones. Our mobile OTP scheme generates OTP by using a non-linear function based on pairing to eject the collision problem of S/Key scheme universally used to design OTP schemes. Our scheme based on a non-linear function over pairing can complements the collision problem and widely applied to finance and various services to increase security level of the services.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.377-384
• /
• 2013

In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.4
• /
• pp.121-127
• /
• 2012

Biometric technology has been proposed as a new means to replace conventional PIN or password because it is hard to be lost and has the low possibility of illegal use. However, unlike a PIN or password, there is no way to modify the exposure if it is exposed and used illegally. To solve the problems, we propose to apply OTP using biometric information to mobile devices for more secure and adaptable authentication. In this paper, we propose a secure framework for delivering biometric information as mobile OTP to the server (TTP) and compared this paper with existed methods about security and performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.21-31
• /
• 2008

Ubiquitous environment is constructed by development of an IT technology, offer environment of many service changed to mobile environment. Also, existed service offered at fixed position like home or company, but according to development of mobile device. user require service as moving. Wibro can offer as user moving using mobile device. As requirement should be included authentication, in case of authentication between UICC and AAA authentication server is offered in Wibro, service is available. However, when UICC requires initial authentication to AAA authentication server, identification information of UICC expose as plaintext, so privacy infringement of mobile device occurs. Therefore, identification information of terminal generate randomly using OTP(One-Time Password) that generated in mobile terminal, and we proposed mechanism of privacy protection. Also, we proposed mechanism that offer secure service to user as offer authentication from OTP framework, and offer OTP combination authentication detailedly.

• Journal of Advanced Navigation Technology
• /
• v.15 no.1
• /
• pp.39-53
• /
• 2011

As the applications within Mobile devices becoming more extensive, the mobile communication security issues of these applications and researches are appearing to be the most important concern. In this paper, we propose new integration OTP framework technique which uses the fingerprint and voice features of biometrics in order to generate Mobile One Time Passwords (OTPs) Token. The fingerprint and voice are considered to be one of the powerful personal authentication factors of biometrics and it can be used for generating variable passwords based on mobile environments for one time use. However, we performed a simulation of homomorphic variability of fingerprint and voice feature points using dendrogram and distribution of fingerprint and voice feature points for proposed password generation method, and verified validation of availability.

• Journal of Convergence Society for SMB
• /
• v.4 no.3
• /
• pp.27-31
• /
• 2014

According to increasing of payment and settlements like smart banking, internet shopping and contactless transaction in smart device, the security issues are on the rise, such as the vulnerability of the mobile OS and certificates abuse problem, we need a secure user authentication. We apply the OTP using biometrics and PKI as user authentication way for dealing with this situation. Biometrics is less risk of loss and steal than other authentication that, in addition, the security can be enhanced more when using the biometric with OTP. In this paper, we propose a user authentication using biometrics and OTP in the mobile device.

• The KIPS Transactions:PartC
• /
• v.17C no.4
• /
• pp.361-370
• /
• 2010

OTP(One Time Password) is a user authentication using secure mechanism to authenticate each other in a way to generate a password, an attacker could intercept the password to masquerade as legitimate users is a way to prevent attacks. The OTP can be implemented as H/W or S/W. Token and card type OTP, implemented as H/W, is difficult to popularize because of having problem with deployment and usability. As a way to replace it implemented as S/W on Mobile or PC is introduced. However, S/W products can be target of malicious attacks if S/W products have vulnerability of implementation. In fact, FSA said the OTP implemented on a mobile have vulnerability of implementation. However, the OTP implemented on a PC have no case about analysis of vulnerability. So, in this paper derive security review and vulnerabilities analysis of implemented on a PC.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.10 no.4
• /
• pp.199-206
• /
• 2015

In this paper, we present the implementation of a secure OTP(One Time Password) generator for IoT(Internet of Things) devices. Basically, MTM(Mobile Trusted Module) is used and expanded considering secure IoT services. We combine the MTM architecture with a new hardware-based OTP generation engine. The new architecture is more secure, offering not only the security of devices but also that of the OTP service. We have implemented and verified the MTM-based OTP generator on a real mobile platform embedded with the MTM chip. The proposed method can be used as a solution for enhancing security of IoT devices and services.

• Convergence Security Journal
• /
• v.11 no.3
• /
• pp.75-84
• /
• 2011

With the rapid development of mobile technology the use of smartphone is spreading. In order to activate mobile banking and market in the future, the most important key is a secure financial transactoin. However, because many apps are developed without security check in proportional to the spread of smartphone, security threat is inevitably high. Current smartphone banking is processed as the way of the existing public certificate or OTP technique in the mobile environment, but many security hole about current technology is pointed out steadily. Therefore, in this paper we are to improve a existing security hole by reinforcing the security through multi-factor authentication and providing a physical non-repudiation.