• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.163-178
• /
• 2014

Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

• Journal of KIISE:Information Networking
• /
• v.30 no.2
• /
• pp.199-206
• /
• 2003

one of the representative micropayment protocols. The original PayWord system is designed for a user who generates paywords by performing hash chain operation for payment to an only designated vendor. In other words, a user has to create new hash chain values in order to establish commercial transactions with different vendors on the Internet. Therefore, we suggest an efficient scheme that is able to deal with business to different vendors by using only one hash chain operation to supplement this drawback. In this proposed system, a broker creates a new series of hash chain values along with a certificate for the user's certificate request. This certificate is signed by a broker to give authority enabling a user to generate hash chain values. hew hash chain values generated by a broker provide means to a user to do business with multiple vendors.

• Journal of Korea Multimedia Society
• /
• v.2 no.2
• /
• pp.145-154
• /
• 1999

We are very interested in electronic commerce today, and it will is more developed in the future. In electronic commerce, we can easily purchase a cheap goods like digital data using a micropayment system. Though small value is used in micropayment system, it is important because it has many application. The transaction cost of a micropayment system must be small. Many protocols for the micropayment system are studied, but it's not support user's anonymity. In this paper, we examines the existing micropayment system and proposes a new micropayment protocol that have a anonymity.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.1B
• /
• pp.29-36
• /
• 2011

Near Field Communication is an emerging short-range wireless connectivity technology that offers proximity and different operating modes. Particularly, NFC technology has the potential to revolutionize mobile applications like payment and ticketing because NFC is more complex and mutual connectivity than RFID as the simple tag reader. Finally, NFC security technology defines the robust security protocols. This paper will specify and analyze the NFC security technology, and study the chance and its beneficial effect of the UICC card as the NFC Secure Element.

• Journal of the Korean Operations Research and Management Science Society
• /
• v.28 no.2
• /
• pp.17-33
• /
• 2003

The explosive growth of the internet-based transactions requires not only a secure payment system but also an appropriate trust measuring methodology and secure transaction protocols to guarantee the minimal risk for the transacting entities involved in specific transactions. Especially, in internet auction systems where either buyers or sellers or both can be more than one in one transaction, providing those systems that make sure no one transacting entity takes a major risk becomes critical. In this paper, an improved trust measuring method using a relationship-based internet community for an auction system is proposed. The proposed system incorporates fuzzy set and calculation concepts to help build trust matrices and models, which is used to measure the level of risk involved in a specific auction trade concerned. Also, to optimize the auction trade process in terms of cost and time, the proposed system recommends a differentiated trade protocol according to the risk level involved in each auction trade. To test the appropriateness of the proposed trusted auction system, a prototype system has been developed under a Windows-NT environment.

• Convergence Security Journal
• /
• v.13 no.1
• /
• pp.51-57
• /
• 2013

RSA is the most widely used public key algorithms. Payment via the SSL communications, and user authentication using RSA secure shopping mall that can protect the user's valuable information in the process of building. SSL-based electronic signature technology and encryption protocols for this technology are electronic documents are delivered to the other party through a separate encryption process, the information sender to enter information on a web browser (user) and the recipient (the Web server of the site Manager), except you will not be able to decrypt the contents. Therefore, the information is encrypted during the transfer of electronic documents even if hackers trying to Sniffing because its contents can never understand. Of internet shopping mall in the user authentication 'and' Communications' SSL secure shopping mall built with the goal of the methodology are presented.

• The KIPS Transactions:PartC
• /
• v.11C no.7 s.96
• /
• pp.889-894
• /
• 2004

Most ad-hoc routing protocols such as AODV(Ad Hoc On-Demand Distance Vector) and DSR(Dynamic Source Routing) do not try to search for new routes if the network topology does not change. Hence, with low node mobility, traffic may be concentrated on several nodes, which results in long end-to-end delay due to congestion at the nodes. Furthermore, since some specific nodes are continuously used for long duration, their battery power may be rapidly exhausted. Expiration of nodes causes connections traversing the nodes to be disrupted and makes many routing requests be generated at the same time. Therefore, we propose a load balancing approach called Simple Load-balancing Approach (SLA), which resolves the traffic concentration problem by allowing each node to drop RREQ (Route Request Packet) or to give up packet forwarding depending on its own traffic load. Meanwhile, mobile nodes nay deliberately give up forwarding packets to save their own energy. To make nodes volunteer in packet forwarding. we also suggest a payment scheme called Protocol-Independent Fairness Algorithm (PIEA) for packet forwarding. To evaluate the performance of SLA, we compare two cases where AODV employs SLA or not. Simulation results show that SLA can distribute traffic load well and improve performance of entire ad-hoc networks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.2C
• /
• pp.140-156
• /
• 2012

Since most of recently launched smart devices support NFC(Near Field Communication), RFID applications are tend to be replaced. For instance, previous RFID application areas such as entrance control, mobile e-ticket, electronic payment and et. al are subject to change using NFC. Due to the limitation of passive communication in RFID, it is impossible to cover all security requirements of authentication and authorization mechanism that wide areas of applications demand. Therefore authentication and authorization mechanism based on NFC is very attractive to such applications because active communication methods make it possible to be highly secure in authentication and authorization. In this paper, authors propose a new approach of secure authentication and authorization mechanism using NFC smart devices based on EAP(Extensible Authentication Protocol) and AAA(Authentication, Authorization and Accounting) protocols.

• Journal of Convergence for Information Technology
• /
• v.10 no.11
• /
• pp.40-46
• /
• 2020

Safe security technology is required for the startup ecosystem according to the construction and service of a joint open platform in the financial sector. Financial industry standard open API recommends that payment-related fintech companies develop/apply additional security technologies to protect core API authentication keys in the mutual authentication process. This study proposes an enhanced API security protocol using multiple channels. It was designed in consideration of the compatibility of heterogeneous platforms by further analyzing the problems and weaknesses of existing open API related research. I applied the method of concealment to remove the additional security channels into a single channel of the existing security protocols. As a result of the performance analysis, the two-way safety of the communication session of the multi-channel and the security of the man-in-the-middle attack of the enhanced authentication key were confirmed, and the computational performance of the delay time (less than 1 second) in the multi-session was confirmed.

• The Korean Society of Law and Medicine
• /
• v.21 no.1
• /
• pp.153-185
• /
• 2020

In principle, even if serious consequences such as death or serious injury of a patient occur as a result of a medical accident, if the medical malpractice of a health care worker is not recognized, the health care worker is not held liable for said consequences. However, with the opening of the Korea Medical Dispute Mediation and Arbitration Agency on April 7, 2012, a system was established to compensate health care personnel for their medical malpractices only in the case of "injuries caused by medical accidents in the course of childbirth" (hereinafter referred to as "program for compensation of medical accidents"). Article 46 paragraph 1 of the current Medical Dispute Mediation Act, which is the basis of the Force Majeure Medical Accident Compensation System, stipulates that "medical accidents under delivery" claims are to be determined by the Medical Accident Compensation Review Committee are subject to the compensation project. And the details of the compensation, ratio of sharing financial resources for compensation, scope of compensation, and the guidelines and procedure for the payment of compensations are prescribed by Presidential Decree. In other words, the Presidential Decree requires the state to pay 70 percent of the compensation funds, and 30 percent of the above funds among health care providers. The Constitutional Court has decided on the 2015Hun-Ga13 that the scope of the health care institution's founders and the share of the compensation funds cannot be directly determined by the law, and that the portion delegated by the Presidential decree does not violate the Principle of Legal Protection nor Comprehensive Nondelegation Doctrine. However, this can be seen as an exclusion of accountability for force-induced delivery accidents even if there is no negligence of the medical staff. If the nature of the system is a type of social security system with a social compensatory nature, it could consider eliminating the health care innovator's cost-sharing provisions, leaving the full cost to the state. However, it is also necessary to review institutional protocols that strengthen the efforts of medical institutions in areas such as analysis of the causes of medical accidents and measures to prevent their recurrence. In addition, I think that the conclusion of the Act is in line with the purpose of the Comprehensive Wage Support Regulations that at minimum the law sets an upper limit of the compensation funds that are to be paid by health and medical institutions. Moreover, it is reasonable for the Medical Accident Compensation Review Committee to specify gestational age and weight of births, which are the criteria for compensation, under the Enforcement Decree of the Medical Dispute Mediation Act, in relation to the criteria for payment of contributions by the Medical Accident Compensation Review Committee, and to set the detailed criteria.