• Journal of Korea Society of Industrial Information Systems
• /
• v.7 no.4
• /
• pp.59-65
• /
• 2002

Payment systems in EC need confidentiality, integrity, non-repudiation. All transactions between cardholders and merchants must be authorized by a payment gateway in SET protocol. RSA secret key operation which requires heavy computation takes the most part of the time for payment authorization. For the reason, a heavy traffic of payment authorization requests from merchants causes the payment gateway to execute excessive RSA secret key operations, which may cause the bottleneck of the whole system. To resolve this problem, One-Time Password technique is applied to payment authorization step of the SET protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1007-1015
• /
• 2013

The automatic payment process of mobile phone micropayment system has not checked user's authentication. That is the structural vulnerability of mobile phone micropayment system. The malicious contents provider can cheat users and payment gateway through abusing the structural vulnerability. The payment gateway applies standard payment module after August, 2012 in order to solve the problem. But the standard payment module also has the vulnerability that makes damage of users. So the purpose of this paper is to suggest efficient improvement of standard payment module for user protection.

• Journal of KIISE:Information Networking
• /
• v.29 no.6
• /
• pp.645-653
• /
• 2002

The WPP payment protocol uses the WAP protocol to enable credit card payment on the wireless internet. Since the security of the WAP protocol is based on the WTLS security protocol, there exists an end-to-end security weakness for the WPP payment protocol. This paper is suggesting a payment protocol, which is making use of the Public-Key Cryptosystem and the Mobile Gateway, so assuring end-to-end security independently of specific protocols. As the on-line certification authority is participating on the authentication process of the payment protocol, the suggested payment protocol enables wireless devices to get services from service providers on other domains.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.563-572
• /
• 2016

Recently, a plenty of credit card payment protocols have been proposed in Korea. Several features of proposed protocols include: using passwords for user authentication in stead of official certificate for authenticity, and no need to download additional security module via ActiveX into user's devices. In this paper, we suggest two new credit card payment protocols that use both SSL(Security Socket Layer) as a standardized secure transaction protocol and password authentication to perform online shopping and payment. The first one is for the case where online shopping mall is different from PG(Payment Gateway) and can be compared to PayPal-based payment methods, and the second one is for the case where online shopping mall is the same as PG and thus can be compared to Amazon-like methods. Two proposed protocols do not require users to perform any pre-registration process which is separate from an underlying shopping process, instead users can perform both shopping and payment into a single process in a convenient way. Also, users are asked to input a distinct payment password, which increases the level of security in the payment protocols. We believe that two proposed protocols can help readers to better understand the recent payment protocols that are suggested by various vendors, and to analyze the security of their payment protocols.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1337-1344
• /
• 2012

This paper analyzed electronic transaction systems of social commerce service which have rapidly grown recent days, and as a result found that most of the electronic transaction systems of social commerce service had payment amount modification issue. This paper proposes a method for solving the payment amount modification issue. The proposed method adds an authentication process between servers of social commerce service provider and payment-gateway company. The added authentication process prohibits user getting involved in payment procedure, and thus prevents payment amount modification.

• Proceedings of the Korean Information Science Society Conference
• /
• 1998.10a
• /
• pp.353-355
• /
• 1998

전자지불 시스템은 여러 조건을 필요로 하지만, 그 중에서도 이중 사용의 방지는 전자현금의 구현을 위해 꼭 갖추어야 할 조건이다. 이러한 이중사용의 방지를 위해 안전한 하드웨어를 사용하거나, 중앙서버에서 확인을 해주는 방법이 제안되고 있다. 중앙서버에서 확인을 해주는 방법은 기반 시스템이 없어도 사용이 가능하고 더 안전하다고 여겨지고 있다. 그러나, 중앙서버에서의 병목현상이 문제가 되며, 중앙서버가 외부의 침입에 의해 사용할 수 없게 되면 전체 시스템을 사용할 수 없게 된다. 본 논문에서는 중앙서버와 상점의 사이에 Gateway 를 두어 이러한 문제를 줄일 수 있는 구조를 제안하고자 한다.

• The Journal of Information Systems
• /
• v.26 no.4
• /
• pp.137-161
• /
• 2017

Purpose In this study, the difficulties were analyzed with the field data from two domestic and interview with industry practitioners. And We presented initiatives with feasibilities to overcome the hurdle for progress of easy-payment. Design/methodology/approach We collected industry data from two domestic credit card companies and analyzed that data to prove 7 proposition in detail. Also We had interview data from industry practitioners who can understand the relationship between stakeholders. For this analysis, we used the causal loop diagram to find activation inhibition and activation elements about easy-payment. Findings The Fintech easy-payment industry has been organically involved in various partners such as customers, merchants, PGs, VANs, credit card issuers, banks, payment providers, terminal manufacturers, etc. and they have been competing against each other to hold leader position in the easy-payment market. Because of the reasons, the easy-payment does not spread out as much as it expects. In this study, the difficulties were analyzed with the field data and interview with industry practitioners and proposed five initiatives with feasibilities to overcome the hurdle for progress of easy-payment. This study helps to understand current situation and issues of Fintech and easy-payment for related research in future.

• The Journal of Society for e-Business Studies
• /
• v.7 no.1
• /
• pp.35-50
• /
• 2002

Recently, payment method is one of the most hot issues for transaction of contents in mobile and internet markets. Many kinds of mobile contents services are rapidly growing with the combination of internet application services. Payment method algorithms are demanded for the stable transaction between producer and consumer. Security protocol algorithms are widely adapted for mobile Platform terminals. In this Paper, we described security mechanism for the current wireless internet services and compared with the performance result. There are security protocols that based on java machine platform or WAP protocols. The system is based on J2ME technology for the java mobile platform. Based on this technology, a security system is proposed for the service of mobile commerce electronic payment. The system is designed for the stability of transaction so that it enables to apply into many kinds of internet payment system.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.4
• /
• pp.51-62
• /
• 2019

Recently, as the number of Smart Phone users increase, the simple payment system has been able to make payments using only card information such as a registered password without extra authorized certificate authentication or input of card information. In this paper, it will examine and analyze simple payment system provided by IT companies and financial institutions and the simple payment system that operates global online payment system by case view of operational direction. Then with this examination, it will study ways to improve the problems with terms of convenience and stability in terms of users. In this paper, it will analyze the inconvenient problem in using the QR code system that recently introduced and will propose solutions. Also, it will propose suggestions to solve inconvenience that caused by system that supports NFC simple payment terminal in Korea is not universalize by analyze case study on the overseas simple payment system. It will also propose opinions on the matters that customer having responsible for event of a small financial accident related to loss or theft when using the simple payment system. Then it will suggest expected requirements to prepare new security technical countermeasures and solve the conditions of meeting expectation satisfaction of users.

• Proceedings of the IEEK Conference
• /
• 2000.11a
• /
• pp.425-428
• /
• 2000

본 논문은 B2C기반의 전자상거래 쇼핑몰에서 후불방식의 전화번호에 상품 구매 대금을 지불할 수 있도록 하는 전화요금결제 시스템의 구성 및 기능에 관한 것이다. 전화요금결제 게이트웨이 (Telephone Payment Gateway ： TPG)는 기존 웹/머쳔트 서버 (Web/Merchant Server), 고객관리 시스템 및 요금관리 시스템과 TCP/IP를 기반으로 하여 연동되어, 쇼핑몰 가입자에게 신용카드, 전자화폐 wallet, on-line 입금 등의 지불 방식과는 다른 지불 방식을 제공함으로써, 지불 방식의 다양화를 도모할 수 있고, 인터넷 사용자 대부분이 가지고 있는 PSTN/ISDN 번호를 가지고 쇼핑몰 상품 대금을 지불할 수 있어서, 전 국민을 가입자로 확보할 수 있는 서비스이다.