• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.4
• /
• pp.43-53
• /
• 2020

There are three standards for FIDO1 authentication technology: Universal Second Factor (U2F), Universal Authentication Framework (UAF), and Client to Authenticator Protocols (CTAP). FIDO2 refers to the WebAuthn standard established by W3C for the creation and use of a certificate in a web application that complements the existing CTAP. In Korea, the FIDO certified market is dominated by UAF, which deals with standards for smartphone (Android, iOS) apps owned by the majority of the people. As the market requires certification through FIDO on PCs, FIDO Alliance and W3C established standards that can be certified on the platform-independent Web and published 『Web Authentication: An API for Accessing Public Key Credentials Level 1』 on March 4, 2019. Most PC do not contain biometrics, so they are not being utilized contrary to expectations. In this paper, we intend to present a model that allows login in PC environment through biometric recognition of smartphone and FIDO UAF authentication. We propose a model in which a user requests login from a PC and performs FIDO authentication on a smartphone, and authentication is completed on the PC without any other user's additional gesture.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2000.10a
• /
• pp.433-438
• /
• 2000

Now, It is vulnerabilities and problems of adaption in user identification and authentication on the Web environments; the BAA(Basic Access Authentication) of HTTP1.0 is that use. ID and password is passed with clear-text between client and server, For this enhancement, the DAA(Digest Access Authentication) of HTTP1.1 is that use. password is digested by MAC(Message Authentication Code) mechanism. but, this mechanism is not adapted by venders of Web browsers. This paper propose the lava based user identification and authentication model to resolve the above problems. Proposed systems are applied to the Web environment, since it has independence to web server and client.

• Journal of the Korea Computer Industry Society
• /
• v.8 no.4
• /
• pp.253-262
• /
• 2007

As the internet environment is applied in the various service field, the recognition on security is increasing. Because the authentication methods for web service user do not confirm person oneself, the serious problems of reliability, safety and security can be caused. In order to solve this problems, the authentication methods of user id and password or authentication key is used. Because the password and authentication key using the existent authentication methods for security is composed of a string, authentication information can easily hacked or leaked by hackers, and the serious problems of security can be caused. In this paper, in order to improve the web security, an authentication module using the fingerprint that have the unique properties of person is proposed. As the proposed module makes use of fingerprint authentication, the security of the web service user from hackers can be maintained. The proposed method is more excellent than the existent method in the web security.

• Journal of Digital Convergence
• /
• v.13 no.7
• /
• pp.197-205
• /
• 2015

Existing Web authentication method utilizes the resident registration number by credit rating agencies separating i-PIN authentication method which has been improved authentication using resident registration number via the real name confirmation database. By improving the existing authentication method, and it provides the available integrated ID authentication on Web. In order to enhance safety, the proposed authentication method by encrypting the user of the verification value, and stores the unique identifier in the database of the certificate authority. Then, the password required to log in to the Web is for receiving a disposable random from the certificate authority, the user does not need to remember a separate password and receives the random number by using the smart phone. It does not save the user's personal information in the database, and it is easy to management of personal information. Only the integration ID needs to be remembered with random number on every time. It doesn't need to use various IDs and passwords if you use this proposed authentication methods.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 1999.11a
• /
• pp.305-311
• /
• 1999

IETF(Internet Engineering Task Force) RFC 2069 recommend to accept the DAA(Digest Access Authentication) scheme ill the HTTP 1.1(Hype. Text Transfer Protocol 1.1). When the client want to access the protected URI resources with Web Server, the BAA scheme is not considered to be a secure method of user authentication, as the user name and password are passed over the network as clear text. But, The DAA scheme is proposed to create a access authentication method which avoids the serious flaws of BAA(ie, passed over the network as clear text). The flaw of DAA is not supported the confidentiality services between client and server. This paper is proposed a confidentiality service scheme for HTTP environment, as an extension to DAA

• Proceedings of the IEEK Conference
• /
• 2003.07d
• /
• pp.1503-1506
• /
• 2003

In this paper, we propose a mutual Authentication module, using ECDSA(Elliptic Curve Digital Signature Algorithm) for web-Camera system. which. is based on three module. first is authentication module which is based on ECDSA algorithm. second is transfort module using stream socket. the last module is graphic module. This paper describes cipher algorithm which can be used restrict condition for the same secret service with wire internet. we made a authentication module using based client and server system.

• The Journal of the Korea Contents Association
• /
• v.9 no.3
• /
• pp.28-38
• /
• 2009

Login process uses both ID and password information to authenticate someone and to permit its access privilege on system. However, an attacker can get those ID and password information by using existing packet sniffing or key logger programs. It cause privacy problem as those information can be used as a hacking and network attack on web server and web e-mail system. Therefore, a more secure and advanced authentication mechanism should be required to enhance the authentication process on existing system. In this paper, we propose a multi-factor authentication process by using software form of secure card system combined with existing ID/Password based login system. Proposed mechanism uses a random number generated from the his/her own handset with biometric information. Therefore, we can provide a one-time password function on web login system to authenticate the user using multi-factor form. Proposed scheme provide enhanced authentication function and security because it is a 'multi-factor authentication mechanism' combined with handset and biometric information on web login system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.373-381
• /
• 2017

Currently, various types of user authentication methods based on public certificates are used in domestic financial transactions. Such an authorized certificate method has a problem that a different security module must be installed every time a user connects an individual financial company to a web server. Also, the financial company relying on this authentication method has a problem that a new security module should be additionally installed for each financial institution whenever a next generation authentication method such as biometric authentication is newly introduced. In order to solve these problems, we propose an integrated authentication system that handles user authentication on behalf of each financial institution in financial transactions, and proposes an integrated authentication protocol that handles secure user authentication between user and financial company web server. The new authentication protocol is a modified version of OAuth2.0 that increases security and efficiency. It is characterized by performing a challenge-response protocol with a pre-shared secret key between the authentication server and the financial company web server. This gives users a convenient and secure Single Sign-On (SSO) effect.

• IE interfaces
• /
• v.13 no.2
• /
• pp.258-265
• /
• 2000

EDI(Electronic Data Interchange) allows the exchange of business information and computer-processable data in a standard, structured format electronically between organizational entities. EDI handles the restructuring of a business document into the standard format so that it can be transmitted from one computer to another. This paper identifies features and technologies of web browsed electronic document exchange system as follows 1) the fundamental technologies that consists of the EDI technologies, the Internet/Web technologies, the security/authentication techniques, and the XML implementation technologies. 2) the functions that consists of the document standards, transfer technology of the document, encryption and authentication 3) the implemented Web-EDI systems that consists of document generation module, encryption and authentication module, transfer module, acknowledgement module, administration module. In this paper, the Web-based EDI system implemented from the researched technologies will be installed on the EDI servers owned by corporate customers and enable the exchange of documents between each installed companies.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.1
• /
• pp.9-16
• /
• 2017

In modern society, everyone can easily access the Internet and freely express their opinions or ideas on Web bulletin boards or SNS. At the same time, they are often used as a place of slandering and the spreading of false information about celebrities such as entertainers and politicians. Typically people use the screen capture method to submit web posts as evidence in lawsuits. But it is difficult to get these accepted as evidence in court because screen captured images are easily forged and tempered. Therefore, as described above, using "Proxy Browser", we propose a screen capture authentication system for web posts that protects forging and tempering to use as digital evidence in court.