• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.73-78
• /
• 2024

COVID-19 pandemic outbreak increased the use of Internet of Medical Things (IoMT), but the existing IoMT solutions are not free from attacks. This paper proposes a secure and resilient framework for IoMT, it computes the risk using Risk Impact Parameters (RIP) and Risk is also calculated based upon the Threat Events in the Internet of Medical Things (IoMT). UICC (Universal Integrated Circuit Card) and TPM (Trusted Platform Module) are used to ensure security in IoMT. PILAR Risk Management Tool is used to perform qualitative and quantitative risk analysis. It is designed to support the risk management process along long periods, providing incremental analysis as the safeguards improve.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.3
• /
• pp.63-74
• /
• 2011

Credit cards are more convenient than cash of heavy. Therefore, credit cards are used widely in on_line (internet) and off_line in nowadays. To use credit cards on internet is commonly secure because client identification based security card and authentication certificate. However, to use in off_line as like shop, store, department, restaurant is unsecure because of irregular accident. As client identification is not used in off_line use of credit cards, the irregular use of counterfeit, stolen and lost card have been increasing in number recently. Therefore, client identification is urgently necessary for secure card using in off_line. And the method of client identification must be simple, don't take long time, convenient for client, card affiliate and card company. In this paper, we study a reform measure of the structure and transaction process for the safety improvement of a credit cards. And we propose several authentication method of short-and long-term for client identification. In the proposal, the client authentication method by OTP application of smart-phone is efficient nowadays.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.2 no.2 s.3
• /
• pp.73-84
• /
• 2003

Due to the problems of existing prepaid plastic card issued by Korea Highway Company, the prepaid electronic payment system using a smart card, called HipassPLUS Card, was developed to overcome the Problems. PSAM is one of the main component of the systea which can retrieve the value from HipassPLUS card, transmit the transaction data to CSAM, and store the accumulated account lists. For the safety of the elecoonic payment system, the functions of PSAM should be faultless. This paper developed a test module including the test method, the test checklist, and the test procedure. The test module examines the functionality and security of the payment mechanism to insure that the value stored in HipassPLUS card can be raid to PSAM by the merchants and the standardized SAM. The test module also inspects the transmission mechanism to send and store the transaction data kom PShM to CSAM correctly and safely. Ihe module is designed to test the standard items using the test checklists for PSAM. The test items and the test checklists of PShM was selected under the provision of the specification of Korea Highway Company and ISO standard. Ihe evaluation on PSAM using the test module indicates that PSAM satisfies the evaluation criteria on the quality characteristics of the functionality, security, and compatibility.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.3
• /
• pp.91-97
• /
• 2010

Recently Hu-Niu-Yang proposed the user authentication scheme to improve Liu et al's scheme. But the Hu-Niu-Yang's scheme has not been satisfied security requirements considering in the user authentication scheme using the password based smart card. In this paper, we proved that Hu-Niu-Yang's scheme is vulnerable to the off-line password guessing attack in case that the attacker steals the user's smart card and extracts the information in the smart card. Also, the improved user authentication scheme solving the security vulnerability was introduced, thus preventing the attacks, such as password guessing attack, forgery attack impersonation attack, and replay attack. For preventing those attacks, the our proposed scheme need more hash functions and exclusive-OR operations than Hu-Niu-Yang's scheme.

• The Journal of the Korea Contents Association
• /
• v.14 no.11
• /
• pp.533-540
• /
• 2014

As for the application system or the user authentication scheme that is used in the system, various technologies including simple ID/PW, certificate, fingerprint/iris, phone, security card, and OTP are being used. But simple ID/PW and phone certification lack security features. As for the certificate, fingerprint/iris, and security card/OTP, the weakness in security has been quite strengthened, but there are costs and complexity involved to use these. This paper proposes a new measure of much safer and low-cost user authentication that improves the security level and uses mobile external storage media such as USB that people commonly have.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.885-895
• /
• 2019

As seen in recent cases of hacking in financial services, attackers are attempting to hacking trustee with poor security management, rather than directly hacking a financial company. As a result, the consignor is strengthening the security check and control of the trustee, but small trustee has difficulties to invest in information security with the lack of computer facilities and the excessive cost of security equipment. In this paper I investigate the vulnerability of personal information processing life cycle standards in order to enhance the security of small consignee that receive personal information form the credit card company. To solve the vulnerability the company should use litigation management system constructed on cloud computing service and install VPN to secure confidentiality and intergrity in data transfer section. Also, to enhance the security of users, it is suggested to protect personal credit information by installing PC firewall and output security on user PC.

• Proceedings of the Korean Institute of Electrical and Electronic Material Engineers Conference
• /
• 2001.07a
• /
• pp.515-518
• /
• 2001

In this study, the electric door lock using the password input system for security improvement was fabricated. The security has been improved by using the multiple micro process. The controller with solenoid valve has been designed indirect driving system for releasing the door lock system. Also, the self checkup system for improving the trustworthy was developed with two kinds of micro process. The results will be applied IC card system and fingerprint identification system for security improvement.

• The KIPS Transactions:PartC
• /
• v.10C no.5
• /
• pp.585-594
• /
• 2003

Java card is one of promising smart card platform with java technology. Java card defines necessary packages and classes for Embedded device that have small memory such as smart card Jana card is compatible with EMV that is Industry specification standard and ISO-7816 that is international standard. However, Java card is not offers user authentication protocol. In this paper, We design and implement an user authentication protocol applicable wireless devices based on Java Card using standard 3GPP Specification (SMS), Java Card Specification (APDU), Cryptography and so on. Our Java Card user authentication techniques can possibly be applied to the area of M-Commerce, Wireless Security, E-Payment System, Mobile Internet, Global Position Service, Ubiquitous Computing and so on.

• Journal of Korea Multimedia Society
• /
• v.14 no.8
• /
• pp.1029-1040
• /
• 2011

Electronic identity (e-ID) card based on smartcard is a representative identity credential for on-line and off-line personal identification. The e-ID card can store the personal identity information securely, so that the information can be accessed fast, automated identity verification and used to determine the cardholder's authorization to access protected resources. Due to such features of an e-ID card, the number of government organizations and corporate enterprises that consider using e-ID card for identity management is increasing. In this paper, we present an authentication framework for access control system using e-ID cards by discussing the threat environment and security requirement against e-ID card. Specifically, to accomplish our purpose, we consider the Personal Identity Verification system as our target model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.563-572
• /
• 2016

Recently, a plenty of credit card payment protocols have been proposed in Korea. Several features of proposed protocols include: using passwords for user authentication in stead of official certificate for authenticity, and no need to download additional security module via ActiveX into user's devices. In this paper, we suggest two new credit card payment protocols that use both SSL(Security Socket Layer) as a standardized secure transaction protocol and password authentication to perform online shopping and payment. The first one is for the case where online shopping mall is different from PG(Payment Gateway) and can be compared to PayPal-based payment methods, and the second one is for the case where online shopping mall is the same as PG and thus can be compared to Amazon-like methods. Two proposed protocols do not require users to perform any pre-registration process which is separate from an underlying shopping process, instead users can perform both shopping and payment into a single process in a convenient way. Also, users are asked to input a distinct payment password, which increases the level of security in the payment protocols. We believe that two proposed protocols can help readers to better understand the recent payment protocols that are suggested by various vendors, and to analyze the security of their payment protocols.