• Title/Summary/Keyword: USB 컨테이너 ID

Search Result 2, Processing Time 0.015 seconds

Management Method for Private Key File of PKI using Container ID of USB memory (USB 메모리의 컨테이너ID를 이용한 PKI 기반의 개인키 파일의 안전한 관리 방안)

  • Kim, Seon-Joo;Joe, In-June
    • The Journal of the Korea Contents Association
    • /
    • v.15 no.10
    • /
    • pp.607-615
    • /
    • 2015
  • Mosts user of internet and smart phone has certificate, and uses it when money transfer, stock trading, on-line shopping, etc. Mosts user stores certificate in a hard disk drive of PC, or the external storage medium. In particular, the certification agencies are encouraged for user to store certificate in external storage media such as USB memory rather than a hard disk drive. User think that the external storage medium is safe, but when it is connect to a PC, certificate may be copied easily, and can be exposed to hackers through malware or pharming site. Moreover, if a hacker knows the user's password, he can use user's certificate without restrictions. In this paper, we suggest secure management scheme of the private key file using a password of the encrypted private key file, and a USB Memory's hardware information. The private key file is protected safely even if the encrypted private key file is copied or exposed by a hacker. Also, if the password of the private key file is exposed, USB Memory's container ID, additional authentication factor keeps the private key file safe. Therefore, suggested scheme can improve the security of the external storage media for certificate.

User Authentication System Using USB Device Information (USB 장치 정보를 이용한 사용자 인증방안)

  • Lee, Jin-Hae;Jo, In-June;Kim, Seon-Joo
    • The Journal of the Korea Contents Association
    • /
    • v.17 no.7
    • /
    • pp.276-282
    • /
    • 2017
  • Password-based authentication is vulnerable because of its low cost and convenience, but it is still widely used. In order to increase the security of the password-based user authentication method, the password is changed frequently, and it is recommended to use a combination of numbers, alphabets and special characters when generating the password. However, it is difficult for users to remember passwords that are difficult to create and it is not easy to change passwords periodically. Therefore, in this paper, we implemented a user authentication system that does not require a password by using the USB memory that is commonly used. Authentication data used for authentication is protected by USB data stored in USB memory using USB device information to improve security. Also, the authentication data is one-time and reusable.Based on this, it is possible to have the same security as the password authentication system and the security level such as certificate or fingerprint recognition.