• Journal of Digital Contents Society
• /
• v.14 no.1
• /
• pp.81-88
• /
• 2013

The increase of the smartphone users has popularized the mobile payment and the mobile credit card users are rapidly getting increased. The mobile credit cards that currently used provide its users with the service through downloading mobile credit card information into USIM. The mobile credit card saved in USIM has the minimized information for the security and is based on PKI. However certificate-based payment system has a complicated procedure and costs a lot of money to manage the certificates and CRL(Certificate Revocation List). Furthermore, It can be a obstacle to develop local e-commerce in Korea because it is hard for foreigners to use them. We propose the secure and efficient mobile credit card payment protocol based on certificateless signcryption which solve the problem of certificate use.

• Journal of Intelligence and Information Systems
• /
• v.20 no.2
• /
• pp.163-178
• /
• 2014

Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

• Journal of Korea Society of Industrial Information Systems
• /
• v.4 no.1
• /
• pp.97-101
• /
• 1999

The most important technical problem in EC is about secure electronic payment systems. Electronic payment systems come three different types distinguished by the payment method: electronic cash, electronic check, and creditcard. In these types, electronic cash payment system is popular and practical as in real commerce. But electronic cash can be copied easily, then it is infeasible to prevent user from double-spending a coin. In this paper, we overview several requirements for secure electronic payment system and present other proposed additions to the results. At last we present a model system which considers requirements above examined.

• The Journal of Information Technology
• /
• v.4 no.1
• /
• pp.55-69
• /
• 2001

TradeCard is a B2B (business-to-business) e-commerce infrastructure that enables buyers and sellers to conduct and settle international trade transactions securely over the Internet. and objective of TradeCard is to provide a secure, reliable, cost-effective and user-friendly solution for conducting and settling international trade transactions. This paper analyzes the reviews of TradeCard by Electronic Message and the various problems which come to application of TradeCard, with particular attention to existing international frameworks for payment systems based on Documentary Credit.

• Proceedings of the KSR Conference
• /
• 2008.06a
• /
• pp.535-544
• /
• 2008

Unlike MS(Magnetic Stripe), SMART CARD is equipped with COS(Chip Operating System) consisting of the Microprocessor and Memory where information can be stored and processed, and there are two types of cards according to the contact mode; the contact type that passes through a gold plated area and the contactless one that goes through the radio-frequency using an antenna embedded in the plastic card. the contactless IC card used for the transportation card was first introduced into local area buses in Seoul, and expanded throughout the country so that it has removed the inconvenience such as possession of cash, fare payment and collection. Focusing on the Seoul metropolitan area in 2004, prepaid and pay later cards were adopted and have been used interchangeably between a bus and subway. The card terminal compatible between a bus and subway is Proximity Integrated Circuit Card(PICC) as international standards(1443 Type A,B), communicates in the 13.56MHz dynamic frequency modulation-demodulation system, and adopts the Multi Secure Application Module(SAM). In the second half of 2009, the system avaliable nationwide will be built when the payment SAM standard is implemented.

• The Journal of Information Technology
• /
• v.7 no.2
• /
• pp.77-92
• /
• 2004

Global Electronic Trading means that trading partners trade each other via Global Electronic Trading Network, that is, global business to business electronic commerce. Electronic payment systems are how to make payment electronically in manner that is efficient, reliable, and secure. I suggest the Electronic payment systems such as TradeCard and SWIFT enable seller and buyer to conduct and settle international B2B electronic commerce in case of solving the above problems. And, where the cargo arrives ahead of the B/L, the importer cannot take delivery of the cargo without the B/L. This situation is referred to as the B/L dilemma. But the BOLERO system will resolve this B/L dilemma. Bolero Project is developing a cross industry utility platform for the secure, electronic transfer of commercial trade information world wide.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.1
• /
• pp.7-18
• /
• 2016

Several authentication methods have been developed to make use of tokens in the mobile networks and smart payment systems. Token used in smart payment system is genearated in place of Primary Account Number. The use of token in each payment transaction is advantageous because the token authentication prevents enemy from intercepting credit card number over the network. Existing token authentication methods work together with the cryptogram, which is computed using the shared key that is provisioned by the token service provider. Long lifetime and repeated use of shared key cause potential brawback related to its vulnerability against the brute-force attack. This paper proposes a per-transaction shared key mechanism, where the per-transaction key is agreed between the mobile device and token service provider for each smart payment transaction. From server viewpoint, per-transaction key list is easy to handle because the per-transaction key has short lifetime below a couple of seconds and the server does not need to maintain the state for the mobile device. We analyze the optimum size of the per-transaction shared key which satisfy the requirements for transaction latency and security strength for secure payment transactions.

• Journal of Korea Multimedia Society
• /
• v.6 no.5
• /
• pp.849-860
• /
• 2003

As mobile device is becoming more popular, E-Commerce changes into M-Commerce. Especially, IMT-2000 (International Mobile Telecommunication 2000) service is prepared for M-Commerce and this has USIM (Universal Subscriber Identity Module) as a core of certification of individuality and transactions. As a result, the area of mobile service going to expand by USIM. But, mobile services using USIM leave much to be desired, and developed application don't variety. In this paper, for the efficient design of USIM, the structure of USIM and protocol is analyzed, and secure payment solution in USIM is proposed. Specially, offline payment system is proposed for the verification of proposed protocols including security, saving, and calculation of balance. finally, the simulation of proposed payment system on USIM is performed using Java Card.

• The Journal of Information Technology
• /
• v.2 no.1
• /
• pp.35-52
• /
• 1999

This study introduced the new technologies that are expanding the realm of electronic commerce to the Internet and small business. Each of the key components of electronic commerce(contracts, signatures, notaries, payment systems and adult trails)are supported in the new electronic commerce. Electronic commerce is more than just handling purchase transactions and funds transfers over the internet. Despite Electronic commerce's past roots in transactions between large corporations, banks, and other financial institutions, the use of the internet as a way to bring Electronic commerce to the individual consumer has led to shift in viewpoint. Over the past few years, both the press and the business community have increased their focus on Electronic commerce involving the consumer Effective payment system should be established for the internet commerce. In this study, we examined the current development and application of Electronic payment system. Two different payment systems are used and under application. One is IC-card type of payment system which has gained popularity in England, Hong-Kong, and many other countries as a substitution of cash. The other type of payment system is e-cash, which is used more conveniently for the payment through internet. The question of which method is better fitted for the internet commerce should be evaluated in the view of cost and benefit since the associated technology is still under evolution. This study conducted a study on Secure Payment Method & Security Technology of Electronic Commerce

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.931-939
• /
• 2014

The Web or Mobile channel of previous Web access authentication system for a payment only provides the authentication of remote users, and does not provide the authentication between a user and a bank/financial institution. Therefore, this paper proposes the Transaction Certificate Mode(TCM) for a payment which can preserve the mutual authentication between a user and a bank/financial institution for Web-based payment systems. The proposed system has designed for wireless network instead of Secure Electronic Transaction (SET) designed for wired electronic transaction. In addition, this system with TCM is able to support an account-based transaction for wireless networks instead of a disadvantage of SET such as a card-based transaction for wired networks. Therefore, customers can check their balances without logging on their bank's web site again due to mutual authentication between a customer and his bank/financial institution.