• The KIPS Transactions:PartB
• /
• v.15B no.4
• /
• pp.275-284
• /
• 2008

With increases in recent security requirements, biometric technology such as fingerprints, faces and iris recognitions have been widely used in many applications including door access control, personal authentication for computers, internet banking, automatic teller machines and border-crossing controls. Finger vein recognition uses the unique patterns of finger veins in order to identify individuals at a high level of accuracy. This paper proposes new device and methods for touchless finger vein recognition. This research presents the following five advantages compared to previous works. First, by using a minimal guiding structure for the finger tip, side and the back of finger, we were able to obtain touchless finger vein images without causing much inconvenience to user. Second, by using a hot mirror, which was slanted at the angle of 45 degrees in front of the camera, we were able to reduce the depth of the capturing device. Consequently, it would be possible to use the device in many applications having size limitations such as mobile phones. Third, we used the holistic texture information of the finger veins based on a LBP (Local Binary Pattern) without needing to extract accurate finger vein regions. By using this method, we were able to reduce the effect of non-uniform illumination including shaded and highly saturated areas. Fourth, we enhanced recognition performance by excluding non-finger vein regions. Fifth, when matching the extracted finger vein code with the enrolled one, by using the bit-shift in both the horizontal and vertical directions, we could reduce the authentic variations caused by the translation and rotation of finger. Experimental results showed that the EER (Equal Error Rate) was 0.07423% and the total processing time was 91.4ms.

• Journal of KIISE:Computing Practices and Letters
• /
• v.12 no.6
• /
• pp.367-378
• /
• 2006

A mobile phone has became as a payment tool in e-commerce and on-line banking areas. This trend of a payment system using various types of mobile devices is rapidly growing, especially in the Internet transaction and small-money payment. Hence, there will be a need to define its standard for secure and safe payment technology. In this thesis, we consider the service types of the current mobile payments and the authentication method, investigate the disadvantages, problems and their solutions for smart and secure payment. Also, we propose a novel authentication method which is easily adopted without modification and addition of the existed mobile hardware platform. Also, we present a simple implementation as a demonstration version. Based on virtual machine (VM) approach, the proposed model is to use a pseudo-random number which is confirmed by the VM in a user's mobile phone and then is sent to the authentication site. This is more secure and safe rather than use of a random number received by the previous SMS. For this payment operation, a user should register the serial number at the first step after downloading the VM software, by which can prevent the illegal payment use by a mobile copy-phone. Compared with the previous SMS approach, the proposed method can reduce the amount of packet size to 30% as well as the time. Therefore, the VM-based method is superior to the previous approaches in the viewpoint of security, packet size and transaction time.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.8
• /
• pp.1551-1559
• /
• 2015

Recently, the performance of smart devices is almost similar to that of the existing PCs, thus the users of smart devices can perform similar works such as messengers, SNSs(Social Network Services), smart banking, etc. originally performed in PC environment using smart devices. Although the development of smart devices has led to positive impacts, it has caused negative changes such as an increase in security threat aimed at mobile environment. Specifically, the threats of mobile devices, such as leaking private information, generating unfair billing and performing DDoS(Distributed Denial of Service) attacks has continuously increased. Over 80% of the mobile devices use android platform, thus, the number of damage caused by mobile malware in android platform is also increasing. In this paper, we propose android based malware detection mechanism using time-series analysis, which is one of statistical-based detection methods.We use auto-regressive moving-average model which is extracting accurate predictive values based on existing data among time-series model. We also use fast and exact malware detection method by extracting possible malware data through Z-Score. We validate the proposed methods through the experiment results.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.8
• /
• pp.5294-5302
• /
• 2014

The development of public-key-based technique that enables a variety of services(E-government, e-banking, e-payment, etc.) evaluated as having complete safety. On the other hand, vulnerabilities(e.g, heartbleed bug, etc.) are constantly being discovered. In this paper, a public key infrastructure to verify the safety and reliability, the collision rate using OpenSSL key pair was analyzed. the experiment was performed using the following procedure. Openssl was used to create five private certification agencies, and each of the private certificate authority certificates to create 2 million, generating a total of 10 million by the certificate of the key pair conflicts analysis. The results revealed 35,000 in 1 million, 0.35% chance of a public key, a private key conflict occurred. This is sufficient in various fields(E-payment, Security Server, etc.). A future public-key-based technique to remove the threat of a random number generator, large minority issues, in-depth study of selection will be needed.

• International Commerce and Information Review
• /
• v.18 no.1
• /
• pp.55-78
• /
• 2016

This paper discusses on Electronic Payment System between U.S.A. and Canada. In particular, I focused on ACSS compare with FedACH(Fed Automated Clearing House) to advance a research effects. Because both of them is a low-value, high-volume retail payment system which their countries represent. The ACSS(Automated Clearing Settlement System) is the system through which the vast majority of CPA payment items are cleared, through various payment streams. In 2014, ACSS system cleared approximately 6.8billion payments worth a total value of $ 44.9 trillion. While, The FedACH Network are the center of America Commerce, moving more than $40 trillion each year. That's made up of almost 23 billion electronic financial transaction, including direct deposit via ACH, social security and government benefits, electronic bill payments such as utility and mortgage payments. Thus in this article, first of all, I considered features of payment system and the types of payment items between ACSS and FedAch. Second, I analyzed the status of central bank and legal background. Third, I focused on the operational policy and risk aversion policy. Lastly, I suggested that their payment and banking system have to assume, with good reason, more efficiently accurately and securely operation to protect their customer from credit risk and financial fraud.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.19
• /
• pp.224-242
• /
• 2003

The author believes that the main task of study in international trade usage and practice is the management of transactional risks involved in international sale of goods. They are foreign exchange risks, transportation risks, credit risk, risk of miscommunication, etc. In most cases, these risks are more serious and enormous than those involved in domestic sales. Historically, the merchant adventurers organized the voyage abroad, secured trade finance, and went around the ocean with their own or consigned cargo until around the $mid-19^{th}$ century. They did business faceto-face at the trade fair or the open port where they maintained the local offices, so-called "Trading House"(商館). Thererfore, the transactional risks might have been one-sided either with the seller or the buyer. The bottomry seemed a typical arrangement for risk sharing among the interested parties to the adventure. In this way, such organizational arrangements coped with or bore the transactional risks. With the advent of ocean liner services and wireless communication across the national border in the $19^{th}$ century, the business of merchant adventurers developed toward the clear division of labor; sales by mercantile agents, and ocean transportation by the steam ship companies. The international banking helped the process to be accelerated. Then, bills of lading backed up by the statute made it possible to conduct documentary sales with a foreign partner in different country. Thus, FOB terms including ocean freight and CIF terms emerged gradually as standard trade terms in which transactional risks were allocated through negotiation between the seller and the buyer located in different countries. Both of them did not have to go abroad with their cargo. Instead, documentation in compliance with the terms of the contract(plus an L/C in some cases) must by 'strictly' fulfilled. In other words, the set of contractual documents must be tendered in advance of the arrival of the goods at port of discharge. Trust or reliance is placed on such contractual paper documents. However, the container transport services introduced as international intermodal transport since the late 1960s frequently caused the earlier arrival of the goods at the destination before the presentation of the set of paper documents, which may take 5 to 10% of the amount of transaction. In addition, the size of the container vessel required the speedy transport documentation before sailing from the port of loading. In these circumstances, computerized processing of transport related documents became essential for inexpensive transaction cost and uninterrupted distribution of the goods. Such computerization does not stop at the phase of transportation but extends to cover the whole process of international trade, transforming the documentary sales into less-paper trade and further into paperless trade, i.e., EDI or E-Commerce. Now we face the other side of the coin, which is data security and paperless transfer of legal rights and obligations. Unfortunately, these issues are not effectively covered by a set of contracts only. Obviously, EDI or E-Commerce is based on the common business process and harmonized system of various data codes as well as the standard message formats. This essential feature of E-Commerce needs effective coordination of different divisions of business and tight control over credit arrangements in addition to the standard contract of sales. In a few word, information does not alway invite "trust". Credit flows from people, or close organizational tie-ups. It is our common understanding that, without well-orchestrated organizational arrangements made by leading companies, E-Commerce does not work well for paperless trade. With such arrangements well in place, participating E-business members do not need to seriously care for credit risk. Finally, it is also clear that E-International Commerce must be linked up with a set of government EDIs such as NACCS, Port EDI, JETRAS, etc, in Japan. Therefore, there is still a long way before us to go for E-Commerce in practice, not on the top of information manager's desk.