• Title/Summary/Keyword: Payment Protocol

Comparative Analysis of ViSCa Platform-based Mobile Payment Service with other Cases (스마트카드 가상화(ViSCa) 플랫폼 기반 모바일 결제 서비스 제안 및 타 사례와의 비교분석)

  • Lee, June-Yeop;Lee, Kyoung-Jun
    • Journal of Intelligence and Information Systems, v.20 no.2, pp.163-178, 2014
  • This research proposes "Virtualization of Smart Cards (ViSCa)", a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for access and authentication and for the execution of its applications, and focuses on analyzing the Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing it with other similar cases. At present, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PCs, and so on) and the growth of the internet penetration rate are creating many world-shaking services, yet in most of these applications private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Mobile payment service, one of these innovative services, has the same issues, which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa) concept is a holistic approach and centralized management for a security system that seeks to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for access and authentication and for the execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information.
The Virtualization of Smart Cards (ViSCa) concept is split into two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, secure service access is guaranteed at any time, anywhere and through any device supporting the previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology uses terminal virtualization to virtualize smart card hardware and strives to manage virtualized smart cards as a whole, through mobile cloud technology, in the Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). The Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes the smart card, which is used as the payment means, and loads it into the mobile cloud. Authentication takes place through the application, which helps the user log on to the mobile cloud and choose one of the virtualized smart cards as a payment method. To decide the scope of the research, which is comparing the Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the mobile payment service groups of prior research by distinct feature and service type. Both groups store the credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. The first is the "App Method", which loads the data in the server connected to the application. The second is the "Mobile Card Method", which stores its data in the Integrated Circuit (IC) chip that holds financial transaction data and is built into the mobile device's secure element (SE).
Through prior research on the acceptance factors of mobile payment service and its market environment, we came up with six key factors for comparative analysis: economic, generality, security, convenience (ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and the Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

On the Security of a Mobile Payment System Proposed at WISA 2002 (WISA 2002에 제안된 무선 전자 지불 시스템의 안전성)

  • 한대완;이동훈;황상철;류재철
    • Journal of the Korea Institute of Information Security & Cryptology, v.13 no.6, pp.113-119, 2003
  • In WISA 2002, Ham et al. proposed a one-way mobile payment system. They claimed that the electronic cash of the system satisfies unforgeability and double spending prevention. In this paper, we point out that their system is not secure as they claimed by showing that the forgery of payment scripts is possible.

Smart and Secure Point of Sale Framework with Threat Modeling and Formal Verification

  • Mona faraj Nasser alwahabi;Shaik Shakeel Ahamad
    • International Journal of Computer Science & Network Security, v.24 no.6, pp.41-48, 2024
  • Existing PoS (Point of Sale) based payment frameworks are vulnerable because the integrity of the Payment Application in the smartphone and the PoS is compromised, and they are vulnerable to reverse engineering attacks. In addition, these existing PoS (Point of Sale) based payment frameworks do not perform point-to-point encryption and do not ensure communication security. We propose a Smart and Secure PoS (SSPoS) Framework which overcomes these attacks. Our proposed SSPoS framework ensures point-to-point encryption (P2PE), application hardening and application wrapping. The SSPoS framework overcomes repackaging attacks. The SSPoS framework has very low communication and computation cost. The SSPoS framework also addresses the Heartbleed vulnerability. The SSPoS protocol is successfully verified using Burrows-Abadi-Needham (BAN) logic, so it ensures all the security properties. SSPoS is threat modeled and implemented successfully.

Proxy Re-encryption based Secure Electronic Transaction (프록시 재암호화 기반의 안전한 전자지불시스템)

  • Go, Woong;Kwak, Jin
    • The Journal of Korean Association of Computer Education, v.15 no.1, pp.73-85, 2012
  • Presently, enhanced electronic financial services are offered over open networks due to the development of IT and financial transactions. Protocols in this environment, such as SET, SSL/TLS, and so on, are electronic transaction protocols for performing electronic payment securely and efficiently. However, most users still do not know accurately how to use them or their potential problems. In particular, there is a key management problem in generating a session key for purchasing products or for payment. To solve this problem, we propose a proxy re-encryption based secure electronic transaction that transmits payment and order information without an additional session key.

Design and Verification of Intrusion Detectioned Electronic Payment Protocol by Petri Net (페트리네트를 이용한 침입탐지 전자지불 프로토콜의 설계와 검증)

  • 유은진
    • Journal of the Korea Institute of Information Security & Cryptology, v.10 no.1, pp.23-37, 2000
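  • This paper proposes an intrusion-detection electronic payment protocol to strengthen the security that is fundamentally required for electronic commerce conducted over the Internet. Here, the intrusion detection function refers to a function that enables rapid detection by checking, at each moment information is transmitted, whether an intrusion has occurred. To analyze the validity and stability of the proposed intrusion-detection electronic payment protocol, it was modeled using Petri nets and CPN (Coloured Petri Net). In addition, the validity and stability of the protocol were confirmed and verified using the BAN (Burrows-Abadi-Needham) logic system and the Kailar logic system, which are useful verification tools for cryptographic logic.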

A Study for Payment System Efficiently on SET Payment Protocol (SET 지불프로토콜을 이용한 효율적인 지불시스템에 관한 연구)

  • 함정훈;오상훈
    • Proceedings of the Korean Society for Information Management Conference, 2000.08a, pp.181-184, 2000
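  • With the rapid growth of electronic commerce, a more secure means of payment has become necessary on the Internet, a public network. Currently, information protection methods using SSL and payment protocols using SET have been standardized and commercialized. However, SSL has the drawbacks that important information such as credit card or debit card numbers can be exposed through various channels regardless of the user's intent, and that the means of authenticating the transaction parties are weak. SET, too, has complex processes and imposes burdens such as cost. As new alternatives, new research is under way, such as replacing SSL with SET in specific situations on an SSL basis and strengthening the authentication function of SSL. This study proposes a new payment system based on the SET protocol.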

Design of Ubiquitous Payment Process for Enhancing Seamlessness and Privacy (연결완전성 제고와 프라이버시 보호를 위한 유비쿼터스 지불 프로세스의 설계)

  • Lee, Kyoung Jun;Jeong, Mu Jeong
    • Journal of Intelligence and Information Systems, v.12 no.3, pp.1-13, 2006
  • Ubiquitous computing is a study area explained in a myriad of contexts and technological terms. Payment, however, refers in nature to an act of money transfer from one entity to another, and it is obvious that a payment method will be valued as long as the transaction can be completed with safety no matter what technology was used. The key to U-payment is convenience and security in the transfer of financial information. The purpose of this paper is to find a desirable U-payment scheme by looking at the characteristics of seamlessness under the ubiquitous environments, strong personal device, and peer-based information transactions. We also propose the U-SDT Protocol, integrating technologies such as Radio Frequency Identification (RFID), Bluetooth, Personal Payment Device, Account Managing Application and Transaction ID, as a way to make transactions between users seamless and to secure better privacy protection.

The Design of the Security Protocol for Electronic Commerce Payment System (전자상거래 지불시스템을 위한 보안 프로토콜 설계)

  • Lee, Sang-Duck;Han, Seung-Jo
    • Journal of Advanced Navigation Technology, v.11 no.1, pp.112-117, 2007
  • The Internet leads the transformation of all of social life with its radical diffusion and development. Moreover, more focus can be placed on electronic commerce using the Internet, a new type of commerce that is diffusing and developing. In this paper, we propose an electronic payment protocol with network-type electronic cash based on Public Key Infrastructure (PKI). The proposed protocol overcomes the problem of NetBill, which deals only with contents and cannot ensure anonymity. It also prevents illegal copying and distribution and ensures the greatest safety by giving a certification number to the digital contents offered online.

Mobile Payment Based on Transaction Certificate Using Cloud Self-Proxy Server

  • Sung, Soonhwa;Kong, Eunbae;Youn, Cheong
    • ETRI Journal, v.39 no.1, pp.135-144, 2017
  • Recently, mobile phones have been recognized as the most convenient type of mobile payment device. However, they have some security problems; therefore, mobile devices cannot be used for unauthorized transactions using anonymous data by unauthenticated users in a cloud environment. This paper suggests a mobile payment system that uses a certificate mode in which a user receives a paperless receipt of a product purchase in a cloud environment. To address mobile payment system security, we propose the transaction certificate mode (TCM), which supports mutual authentication and key management for transaction parties. TCM provides a software token, the transaction certificate token (TCT), which interacts with a cloud self-proxy server (CSPS). The CSPS shares key management with the TCT and provides simple data authentication without complex encryption. The proposed self-creating protocol supports TCM, which can interactively communicate with the transaction parties without accessing a user's personal information. Therefore, the system can support verification for anonymous data and transaction parties and provides user-based mobile payments with a paperless receipt.