• Title/Summary/Keyword: Mobile-OTP

Search Result 58, Processing Time 0.031 seconds

A Study on Mobile OTP Generation Model (모바일 OTP 생성 모델에 관한 연구)

  • Jeong, Yoon-Su;Han, Sang-Ho;Shin, Seung-Soo
    • Journal of Digital Convergence
    • /
    • v.10 no.2
    • /
    • pp.183-191
    • /
    • 2012
  • This study proposes dual certification model using both what users know and what users own. In detail, this mobile OTP generation model is made up of mobile OTP generation and extraction algorithm satisfying the conditions for reviewing mobile OTP implementation. In order to improve the security of the existing OTP-based systems, the suggested method utilizes user's ID and random number at the mobile OTP generation stage.

One-Handled The Mobile One-Time Password Scheme (단일 제어 모바일 일회용 패스워드 기법)

  • Choi, Jong-Seok;Kim, Ho-Won
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.37 no.6C
    • /
    • pp.497-501
    • /
    • 2012
  • While increasing online services with developing e-businesses, finance, game companies and others have employed OTP(One-Time Password) to overcome vulnerabilities of static passwords. Existing OTP technology has inconvenience that customers always possess reserved token since requiring the token to generate OTP. In order to supplement the issue we propose mobile OTP generated by mobile devices such as smart phones. Our mobile OTP scheme generates OTP by using a non-linear function based on pairing to eject the collision problem of S/Key scheme universally used to design OTP schemes. Our scheme based on a non-linear function over pairing can complements the collision problem and widely applied to finance and various services to increase security level of the services.

QR Code Based Mobile Dual Transmission OTP System (QR 코드를 이용한 모바일 이중 전송 OTP 시스템)

  • Seo, Se Hyeon;Choi, Chang Yeol;Lee, Goo Yeon;Choi, Hwang Kyu
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.38B no.5
    • /
    • pp.377-384
    • /
    • 2013
  • In order to improve the security strength in the password based user authentication, in which the security vulnerability is increased while the same password is repeatedly used, the OTP(One-Time Password) system has been introduced. In the OTP systems, however, the user account information and OTP value may be hacked if the user PC is infected by the malicious codes, because the user types the OTP value, which is generated by the mobile device synchronized with the server, directly onto the user PC. In this paper, we propose a new method, called DTOTP(Dual Transmission OTP), to solve this security problem. The DTOTP system is an improved two-factor authentication method by using the dual transmission, in which the user performs the server authentication by typing the user account and password information onto the PC, and then for the OTP authentication the mobile device scans the QR code displayed on the PC and the OTP value is sent to the server directly. The proposed system provides more improved security strength than that of the existing OTP system, and also can adopt the existing OTP algorithm without any modification. As a result, the proposed system can be safely applied to various security services such like banking, portal, and game services.

A Framework for Biometric Security based on OTP in Mobile Devices (모바일 장치에서 OTP 기반의 바이오 인식 보안을 위한 프레임워크)

  • Han, Seung-Jin
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.4
    • /
    • pp.121-127
    • /
    • 2012
  • Biometric technology has been proposed as a new means to replace conventional PIN or password because it is hard to be lost and has the low possibility of illegal use. However, unlike a PIN or password, there is no way to modify the exposure if it is exposed and used illegally. To solve the problems, we propose to apply OTP using biometric information to mobile devices for more secure and adaptable authentication. In this paper, we propose a secure framework for delivering biometric information as mobile OTP to the server (TTP) and compared this paper with existed methods about security and performance.

A Study on UICC(Universal IC Card)-based Authentication Mechanism using OTP (OTP를 활용한 UICC(Universal IC Card) 기반의 인증 메커니즘에 관한 연구)

  • Kang, Soo-Young;Lee, Im-Yeong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.2
    • /
    • pp.21-31
    • /
    • 2008
  • Ubiquitous environment is constructed by development of an IT technology, offer environment of many service changed to mobile environment. Also, existed service offered at fixed position like home or company, but according to development of mobile device. user require service as moving. Wibro can offer as user moving using mobile device. As requirement should be included authentication, in case of authentication between UICC and AAA authentication server is offered in Wibro, service is available. However, when UICC requires initial authentication to AAA authentication server, identification information of UICC expose as plaintext, so privacy infringement of mobile device occurs. Therefore, identification information of terminal generate randomly using OTP(One-Time Password) that generated in mobile terminal, and we proposed mechanism of privacy protection. Also, we proposed mechanism that offer secure service to user as offer authentication from OTP framework, and offer OTP combination authentication detailedly.

Availability Verification of Integration OTP Framework using Biometrics Information (바이오매트릭스 정보를 이용한 모바일 기반의 통합 OTP 프레임워크의 유효성 검증)

  • Cha, Byung-Rae;Kim, Nam-Ho;Kim, Jong-Won
    • Journal of Advanced Navigation Technology
    • /
    • v.15 no.1
    • /
    • pp.39-53
    • /
    • 2011
  • As the applications within Mobile devices becoming more extensive, the mobile communication security issues of these applications and researches are appearing to be the most important concern. In this paper, we propose new integration OTP framework technique which uses the fingerprint and voice features of biometrics in order to generate Mobile One Time Passwords (OTPs) Token. The fingerprint and voice are considered to be one of the powerful personal authentication factors of biometrics and it can be used for generating variable passwords based on mobile environments for one time use. However, we performed a simulation of homomorphic variability of fingerprint and voice feature points using dendrogram and distribution of fingerprint and voice feature points for proposed password generation method, and verified validation of availability.

User Authentication Using Biometrics and OTP in Mobile Device (중소기업형 바이오정보와 OTP를 이용한 사용자 인증)

  • Lee, Sang Ho
    • Journal of Convergence Society for SMB
    • /
    • v.4 no.3
    • /
    • pp.27-31
    • /
    • 2014
  • According to increasing of payment and settlements like smart banking, internet shopping and contactless transaction in smart device, the security issues are on the rise, such as the vulnerability of the mobile OS and certificates abuse problem, we need a secure user authentication. We apply the OTP using biometrics and PKI as user authentication way for dealing with this situation. Biometrics is less risk of loss and steal than other authentication that, in addition, the security can be enhanced more when using the biometric with OTP. In this paper, we propose a user authentication using biometrics and OTP in the mobile device.

  • PDF

Vulnerabilities Analysis of the OTP Implemented on a PC (PC에 탑재된 OTP의 취약점 분석)

  • Hong, Woo-Chan;Lee, Kwang-Woo;Kim, Seung-Joo;Won, Dong-Ho
    • The KIPS Transactions:PartC
    • /
    • v.17C no.4
    • /
    • pp.361-370
    • /
    • 2010
  • OTP(One Time Password) is a user authentication using secure mechanism to authenticate each other in a way to generate a password, an attacker could intercept the password to masquerade as legitimate users is a way to prevent attacks. The OTP can be implemented as H/W or S/W. Token and card type OTP, implemented as H/W, is difficult to popularize because of having problem with deployment and usability. As a way to replace it implemented as S/W on Mobile or PC is introduced. However, S/W products can be target of malicious attacks if S/W products have vulnerability of implementation. In fact, FSA said the OTP implemented on a mobile have vulnerability of implementation. However, the OTP implemented on a PC have no case about analysis of vulnerability. So, in this paper derive security review and vulnerabilities analysis of implemented on a PC.

Implementation of a MTM-based secure OTP Generator for IoT Devices (IoT 디바이스를 위한 MTM 기반의 안전한 OTP 생성기 구현)

  • Kim, Young-Sae;Han, Jin-Hee;Jeon, Yong-Sung;Kim, Jung-Nyu
    • IEMEK Journal of Embedded Systems and Applications
    • /
    • v.10 no.4
    • /
    • pp.199-206
    • /
    • 2015
  • In this paper, we present the implementation of a secure OTP(One Time Password) generator for IoT(Internet of Things) devices. Basically, MTM(Mobile Trusted Module) is used and expanded considering secure IoT services. We combine the MTM architecture with a new hardware-based OTP generation engine. The new architecture is more secure, offering not only the security of devices but also that of the OTP service. We have implemented and verified the MTM-based OTP generator on a real mobile platform embedded with the MTM chip. The proposed method can be used as a solution for enhancing security of IoT devices and services.

A Study on The Improvement of User Authentication using the Facial Recognition and OTP Technique in the Mobile Environment (모바일 환경에서 OTP기술과 얼굴인식 기술을 이용한 사용자 인증 개선에 관한 연구)

  • Huh, Seung-Pyo;Lee, Dae-Sung;Kim, Kui-Nam
    • Convergence Security Journal
    • /
    • v.11 no.3
    • /
    • pp.75-84
    • /
    • 2011
  • With the rapid development of mobile technology the use of smartphone is spreading. In order to activate mobile banking and market in the future, the most important key is a secure financial transactoin. However, because many apps are developed without security check in proportional to the spread of smartphone, security threat is inevitably high. Current smartphone banking is processed as the way of the existing public certificate or OTP technique in the mobile environment, but many security hole about current technology is pointed out steadily. Therefore, in this paper we are to improve a existing security hole by reinforcing the security through multi-factor authentication and providing a physical non-repudiation.