• 정보보호학회논문지
• /
• 제15권5호
• /
• pp.105-114
• /
• 2005

There are several goals or properties which authentication protocols may have; some of them are key freshness, far-end aliveness, key confirmation, etc. Most of them have extensively been discussed and studied so far in the literature. 'Responsibility' and 'credit', which were first raised by Abadi as additional goals, received quite an exceptional treatment; there were little response from researchers about these new goals. It is surprising to see that these two properties have slipped through any investigation, successfully achieving the positions as the goals for authentication protocols. In this paper, we investigate these two new properties and their relations to authentication protocols, and answers to the question: what brings us credit and responsibility.

• 인터넷정보학회논문지
• /
• 제7권1호
• /
• pp.121-130
• /
• 2006

차세대 무선 네트워크에서는 응용들이 실시간 선불 서비스를 제공해야 하며, 최종 사용자에게 서비스를 제공하기 이전에 요청된 서비스에 대해 신용을 사전 체크하여야 한다. 또한 선불서비스를 효과적으로 제공하기 위해서는 신용제어 기능이 최소한의 지연만을 가져야 한다. 본 논문에서는 모바일 IPv6 환경에서 실시간 신용제어가 가능한 권한검증 구현 모델을 제안하였다. 제안한 모델은 일반적인 신용제어 권한검증 절차와 모바일 IPv6 인증 절차를 통합한 구조를 갖는다. 지연을 최소화하기 위해 제안한 모델을 싱글 서버 내에 구현하였으며, 이 시스템은 권한검증과 인증을 동시에 수행한다. 구현한 시스템의 구현구조를 소프트웨어 기능 블록과 유니트 형태로 제시하였다. 구현한 모델의 feasibility를 검증하기 위해서 구현한 시스템의 지연을 측정하였으며 측정 시, 몇 가지 인증 확장 프로토콜 (EAP)을 적용하였다. 측정된 결과에 따르면 신용제어 권한검증과 인증이 분리된 기존 모델과 비해서 제안한 통합 모델이 상대적으로 지연시간이 적었다.

• 디지털산업정보학회논문지
• /
• 제7권3호
• /
• pp.63-74
• /
• 2011

Credit cards are more convenient than cash of heavy. Therefore, credit cards are used widely in on_line (internet) and off_line in nowadays. To use credit cards on internet is commonly secure because client identification based security card and authentication certificate. However, to use in off_line as like shop, store, department, restaurant is unsecure because of irregular accident. As client identification is not used in off_line use of credit cards, the irregular use of counterfeit, stolen and lost card have been increasing in number recently. Therefore, client identification is urgently necessary for secure card using in off_line. And the method of client identification must be simple, don't take long time, convenient for client, card affiliate and card company. In this paper, we study a reform measure of the structure and transaction process for the safety improvement of a credit cards. And we propose several authentication method of short-and long-term for client identification. In the proposal, the client authentication method by OTP application of smart-phone is efficient nowadays.

• 정보보호학회논문지
• /
• 제9권2호
• /
• pp.37-48
• /
• 1999

인터넷은 학술.연구용으로 이용되었으나, 현재 일반사용자에게도 친숙한 World-Wide Web의 발달과 더불어 인터넷을 상업적으로 이용하려는 시도가 증가하고 있다. 인터넷의 상업적 이용으로 가장 큰 예는 인터넷 상점을 들 수 있다. WWW을 이용하여 물건을 광고하고 사용자는 자신이 원하는 물건을 선택하여 온라인으로 대금을 지불하는 형태이다. 이런 인터넷 상점이 증가함에 따라 고객과 상점사이에 서로의 신용도를 확인할 수 없는 문제점이 발생하게 되었다. 이 논문에서는, 인터넷 상점의 신용을 인정할 수 있는 시스템 개발에 대해 설명하고 있으며, 이를 통해 사용자가 인터넷 상점을 사용할 수 있는 믿을 수 있는 환경을 구축하려고 한다. 인터넷 상점에 대한 신용인증 시스템 개발을 위해서 상점의 신용정보는 사용자에게 안전하게 전송되어야 하며, 쉽게 확인할 수 있어야 한다. 또한 도청 될 수 없어야 한다. The Internet has been used as the academic researching purposes. Nowadays accordance with improving and being familiar with the World-Wide Web Many people are giving it a try to use the Internet as commerce markets. The noticeable example of internet-based use of the commerce is the Internet shopping mall. Using the WWW companies exhibit their products and users select the ones and take the payment for ones in the on-line Increasing the the Internet shopping mall there needs to be the countermeasure that companies and clients must verify each other. In this paper there are explained the development credit authentication system of the Internet shopping mall and the construction of the trusted environment clients can use Internet shopping mall. That is to develop the credit authentication system the credit-rating of Internet shopping mall can be sent securely and easily to clients and the information of credit-ranting cannot be eavesdropped.

• 정보보호학회논문지
• /
• 제28권3호
• /
• pp.579-590
• /
• 2018

'14.5월 앱카드는 스미싱 기법과 전화번호 취득불가 취약점으로 명의도용사고를 당하였고, 그 후 카드사들은 해당 취약점을 보완하기 위해 인증수단을 추가 도입하는 등 보완하여 운영해 오고 있다. 하지만, 인증 적용환경, 목적 및 인증수단에 대한 분석이 부족하여 기존 사고에서 나타난 취약점 및 리스크수준을 낮추지 못하고 있다. 본 연구는 전자금융서비스 중 앱카드의 인증과정을 미(美)NIST의 인증가이드라인을 적용하여 분석하고, 문제점을 파악하여 개선 방향을 제안하고자 한다. 본 연구에서 분석한 방식은 앱카드외에도 인증수단의 분석에 전반적으로 적용할 수 있어 활용가치가 높을 것이다.

• 정보보호학회논문지
• /
• 제25권5호
• /
• pp.1175-1186
• /
• 2015

신용카드사용이 증가하는 만큼 금융사고 또한 증가하고 있다. 자기 띠 카드 방식은 신용카드 정보가 평문으로 노출되고 사용자 인증 또한 허술한 취약점으로 인해 향상된 보안성을 제공하는 스마트카드 방식으로 전환되는 추세에 있다. 또한 최근에는 IT와 금융상품을 접목한 핀테크 (FinTech) 열풍이 불면서 대면거래환경에서도 카드가 아닌 모바일 기기들을 기반으로 하는 결제 기법들이 많이 제안되고 있다. 본 논문에서는 카드 소지자 모바일기기를 기반으로 카드 소지자의 공개키를 이용해 생성하는 가상카드번호를 카드사에 사전 등록함으로써 대면거래환경에서 PKI와 인증서 없이 효율적으로 사용자를 인증하여 편의성을 증가시키면서도 신용카드 정보에 대한 보안성을 제공하는 가상카드번호 결제 기법을 제안하고 대면거래환경에서 보안성을 제공하는 대표적인 신용카드 결제 방식인 EMV 기법과 비교 분석 해 보도록 한다.

• 무역상무연구
• /
• 제15권
• /
• pp.239-261
• /
• 2001

There are many kinds of risk in int'l trade by internet network, such as credit risk, mercantile risk, contingency risk, exchange risk, physical risk and the risk on internet network. Especially, risk management against credit risk and the risk on internet network are very important. The former is conventional but more important these days. The latter is a new risk that has been incurred owing to the int'l trade by internet network. The system of risk management against the former are firstly, to surely research credit of counterpart by internet, secondly, to certify the entity by password or fingerprint, thirdly, to pay the price under a letter of credit, fourthly, to use the system of int'l trade such as bolero, trade card, finally, to use the authority of electronic trade services. The system of risk management against the latter are firstly, to install the firewall on the own computer network, secondly, to entrust the management own computer network to the network security services firm, thirdly, to electronically communicate with counterpart through the certification authority, finally, to insure against the own network risk with the security insurance company.

• Journal of Computing Science and Engineering
• /
• 제5권1호
• /
• pp.51-70
• /
• 2011

This paper introduces a new credit card payment scheme called No Number Credit Card that can significantly reduce the possibility of credit card fraud. The proposed payment system is loosely based on Kerberos, a cryptographic framework that has stood the test of time. In No Number Credit Card, instead of card numbers, only payment tokens are exchanged between the customers and merchants. The tokens are generated based on the payment amount, payment type, client information, and merchant information. However, it does not contain the credit card number, so the merchant or a database hacker cannot acquire and illegally use any credit card numbers. The No Number Credit Card system is ideal for online e-commerce transactions and can be used with any credit card that users possess. It can be used with minor modifications to the current card payment system. We provide the principles of its operation through scenario analysis, a sample implementation, and a security analysis

• 한국정보기술응용학회:학술대회논문집
• /
• 한국정보기술응용학회 2005년도 6th 2005 International Conference on Computers, Communications and System
• /
• pp.281-284
• /
• 2005

Kerberos is system that offer authorization in internet and authentication service. Can speak that put each server between client and user in distributed environment and is security system of symmetry height encryption base that offer authentication base mutually. Kerberos authentication is based entirely on the knowledge of passwords that are stored on the Kerberos Server. A user proves her identity to the Kerberos Server by demonstrating Knowledge of the key. The fact that the Kerberos Server has access to the user's decrypted password is a rwsult of the fact that Kerberos does not use public key cryptogrphy. It is a serious disadvantage of the Kerbercs System. The Server must be physically secure to prevent an attacker from stealing the Kerberos Server and learning all of the user passwords. Kerberos was designend so that the server can be stateless. The Kerberos Server simply answers requests from users and issues tickets. This study focused on designing a SIP procy for interworking with AAA server with respect to user authentication and Kerberos System. Kerberos is security system of encryption base that offer certification function mutually between client application element and server application element in distributed network environment. Kerberos provides service necessary to control whether is going to approve also so that certain client may access to certain server. This paper does Credit-Control Server's function in AAA system of Diameter base so that can include Accounting information that is connected to Rating inside certification information message in Rating process with Kerberos system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권4호
• /
• pp.1864-1876
• /
• 2016

Card-Not-Present (CNP) transactions taking place remotely over the Internet are becoming more prevalent. Cardholder authentication should be provided to prevent the CNP fraud resulting from the theft of stored credit card numbers. To address the security problems associated with CNP transactions, the use of a virtual card number derived from the transaction details for the payment has been proposed, instead of the real card number. Since all of the virtual card number schemes proposed so far are based on a password shared between the cardholder and card issuer, transaction disputes due to the malicious behavior of one of the parties involved in the transaction cannot be resolved. In this paper, a new virtual card number scheme is proposed, which is associated with the cardholder's public key for signature verification. It provides strong cardholder authentication and non-repudiation of the transaction without deploying a public-key infrastructure, so that the transaction dispute can be easily resolved. The proposed scheme is analyzed in terms of its security and usability, and compared with the previously proposed schemes.