• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.6
• /
• pp.2087-2103
• /
• 2014

What is an ideal authentication method for smartphone banking services? And what are the critical elements to be considered when designing it? To provide valuable insight for these questions, this study investigates various authentication requirements to be considered in smartphone banking service with the aspect of security, convenience and cost. By applying Analytic Network Process (ANP), this study first analyzes priorities among the requirements and then draws an ideal authentication method for smartphone banking service. Moreover, a sensitivity analysis has been conducted by varying the relative importance of several requirements. The results from the judgment of 72 experts revealed that, although Korean government has obliged the use of Public Key certificate, OPT and biometric alternatives may prove to be more appropriate for the smartphone banking service. These results will contribute to the provision of more secured and convenient smartphone banking services.

• Journal of Korea Multimedia Society
• /
• v.24 no.3
• /
• pp.440-447
• /
• 2021

Smartphones are currently being produced with similar functions, shapes, and software. The foldable smartphone is a product that dramatically changed the shape of the existing smartphone. Therefore, it affects the functions and software. In this paper, we analyze the potential security vulnerability of current mobile authentication methods by dividing them into two parts, security vulnerabilities of non-foldable smartphones, and security vulnerability that appears with the changed smartphone structure. According to the analysis result, the classic and current mobile user authentication methods appears to be easily affected by the smartphone display structure. Finally, we propose an appropriate authentication method as well as the concept of security measures for smartphones with foldable screen. Our method shows that it is more secure than the conventional authentication methods in foldable display smartphone.

• Journal of Korea Multimedia Society
• /
• v.17 no.8
• /
• pp.968-976
• /
• 2014

Authentication methods on smartphone are demanded to be implicit to users with minimum users' interaction. Existing authentication methods (e.g. PINs, passwords, visual patterns, etc.) are not effectively considering remembrance and privacy issues. Behavioral biometrics such as keystroke dynamics and gait biometrics can be acquired easily and implicitly by using integrated sensors on smartphone. We propose a biometric model involving keystroke dynamics for implicit authentication on smartphone. We first design a feature extraction method for keystroke dynamics. And then, we build a fusion model of keystroke dynamics and gait to improve the authentication performance of single behavioral biometric on smartphone. We operate the fusion at both feature extraction level and matching score level. Experiment using linear Support Vector Machines (SVM) classifier reveals that the best results are achieved with score fusion: a recognition rate approximately 97.86% under identification mode and an error rate approximately 1.11% under authentication mode.

• Journal of IKEEE
• /
• v.19 no.4
• /
• pp.617-624
• /
• 2015

In this paper, an adult authentication system based on authentication certificate was designed and implemented using smartphone and near-field communication. It has three advantages. First, it achieves easy, convenient, and fast authentication by using smartphone and near-field communication. Second, it achieves extremely high security and reliability by exploiting authentication certificate. Third, it achieves extremely low risk of personal information leakage by generating and sending only virtual identification code. Finally, it has a proper legal basis by Digital Signature Act. It consists of adult authentication module, near-field communication control module, policy server module, and database server module. A prototype of the proposed system was designed and implemented, and it was verified to have correct operation.

• Journal of KIISE
• /
• v.43 no.11
• /
• pp.1259-1269
• /
• 2016

In order to block the access of the information in the smartphone of a user by other users, it is checked if the current user is the owner or not in the smartphone authentication process, whenever a user begins to use a smartphone. This makes smartphone users in front of frequent smartphone authentications, which leads significant inconvenience to them. Because of such inconvenience, users tend not to use the smartphone authentication anymore. Finally, their smartphones become very vulnerable against malicious access. This paper proposes a progressive authentication method on the android-platform in order to solve the problem described above. With the proposed method, smartphones can identify relevant risks based on users' past experiences and determine whether an authentication is needed. Because authentication occurs only when the identified risk level is high, it can achieve both a high-level of security in the high-level risk situation and user convenience in the low-level risk situation.

• International Journal of Contents
• /
• v.9 no.2
• /
• pp.14-21
• /
• 2013

Current smartphone authentication systems are deemed inconvenient and difficult for users on remembering their password as well as privacy issues on stolen or forged biometrics. New authentication system is demanded to be implicit to users with very minimum user involvement being. This idea aims towards a future model of authentication system for smartphones users without users realizing them being authenticated. We use the most frequent activity that users carry out with their smartphone, which is the calling activity. We derive two basics related interactions that are first factor being arm's flex (AF) action to pick a phone to be near ones' ears and then once getting near ear using second factor from ear shape image. Here, we combine behavior biometrics from AF in first factor and physical biometrics from ear image in second factor. Our study shows our dual-factor authentication system does not require explicit user interaction thereby improving convenience and alleviating burden from users from persistent necessity to remember password. These findings will augment development of novel implicit authentication system being transparent, easier, and unobtrusive for users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1477-1484
• /
• 2015

With the growth of financial industry with smartphone, interest on user authentication using smartphone has been arisen in these days. There are various type of biometric user authentication techniques, but gait recognition using accelerometer sensor in smartphone does not seem to develop remarkably. This paper suggests the method of user authentication using accelerometer sensor embedded in smartphone. Specifically, calibrate the sensor data from smartphone with 3D-transformation, extract features from transformed data and do principle component analysis, and learn model with using gaussian mixture model. Next, authenticate user data with confidence interval of GMM model. As result, proposed method is capable of user authentication with accelerometer sensor on smartphone as a high degree of accuracy(about 96%) even in the situation that environment control and limitation are minimum on the research.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.4
• /
• pp.43-53
• /
• 2020

There are three standards for FIDO1 authentication technology: Universal Second Factor (U2F), Universal Authentication Framework (UAF), and Client to Authenticator Protocols (CTAP). FIDO2 refers to the WebAuthn standard established by W3C for the creation and use of a certificate in a web application that complements the existing CTAP. In Korea, the FIDO certified market is dominated by UAF, which deals with standards for smartphone (Android, iOS) apps owned by the majority of the people. As the market requires certification through FIDO on PCs, FIDO Alliance and W3C established standards that can be certified on the platform-independent Web and published 『Web Authentication: An API for Accessing Public Key Credentials Level 1』 on March 4, 2019. Most PC do not contain biometrics, so they are not being utilized contrary to expectations. In this paper, we intend to present a model that allows login in PC environment through biometric recognition of smartphone and FIDO UAF authentication. We propose a model in which a user requests login from a PC and performs FIDO authentication on a smartphone, and authentication is completed on the PC without any other user's additional gesture.

• Journal of KIISE
• /
• v.43 no.10
• /
• pp.1154-1164
• /
• 2016

To prevent the use of one's smartphone by another user, the authentication checks the owner in several ways. However, whenever the owner does use his/her smartphone, this authentication requires an unnecessary action, and sometimes he/she finally decides not to use an authentication method. This can cause a fatal problem in the smartphone's security. We propose a sustainable android platform-based authentication mode to solve this security issue and to facilitate secure authentication. In the proposed model, a smartphone identifies the current situation and then performs the authentication. In order to define the risk of the situation, we conducted a survey and analyzed the survey results by age, location, behavior, etc. Finally, a demonstration program was implemented to show the relationship between risk and security authentication methods.

• Journal of Korea Multimedia Society
• /
• v.24 no.8
• /
• pp.1076-1089
• /
• 2021

Among the currently used knowledge-based authentication methods for smartphones, text and graphic-based authentication methods, such as PIN and pattern methods, use a display unit and a touch function of the display unit for input/output of secret information. Recently released smartphone form factors are trying to transform into various forms, away from the conventional bar and slate types because of the material change of the display unit used in the existing smartphone and the increased flexibility of the display unit. However, as mentioned in the study of D. Choi [1], the structural change of the display unit may directly or indirectly affect the authentication method using the display unit as the main input/output device for confidential information, resulting in unexpected security vulnerabilities. In this paper, we analyze the security vulnerabilities of the current mobile user authentication methods that is applied atypical form factor. According to the analysis results, it seems that the existing display-dependent mobile user authentication methods do not consider emerging security threats at all. Furthermore, it is easily affected by changes in the form factor of smartphones. Finally, we propose countermeasures for security vulnerabilities expected when applying conventional authentication methods to atypical form factor-based smartphones.