• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.1180-1200
• /
• 2017

Currently, automated payment services provide intuitive user interfaces by adapting various wireless communication devices with mobile services. For example, companies like Samsung, Google, and Apple have selected the NFC payment method to service payments of existing credit cards. An electronic payment standard has been released for NFC activation within Korea and will strengthen the safety of payment service communications. However, there are various security risks regarding the NFC-based electronic payment method. In particular, the NFC payment service using the recently released lightweight devices cannot provide the cryptographic strength that is supported by many financial transaction services. This is largely due to its computational complexity and large storage resource requirements. The chaotic map introduced in this study can generate a highly complicated code as it is sensitive to the initial conditions. As the lightweight study using the chaotic map has been actively carried out in recent years, associated authentication techniques of the lightweight environment have been released. If applied with a chaotic map, a high level of cryptographic strength can be achieved that can provide more functions than simple XOR operations or HASH functions. Further, this technique can be used by financial transaction services. This study proposes a mutual authentication technique for NFC-PCM to support an NFC payment service environment based on the chaotic map.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.40 no.4
• /
• pp.183-190
• /
• 2017

This paper proposes a dynamic magnetic field emulator (DMFE), which can electrically emulate information for the magnetic stripes of most widely used credit cards. Payment transactions with most common credit cards are performed by reading the card's information, encoded in magnetic stripes, using the reader head of a point-of-sale (POS) system. A stripe-type permanent magnet is attached to the back side of the credit card, and information for payments or value-added service is reorganized by exposing it to strong magnetic field. The process of data recording and retrieving as stated above has been pointed out as a major cause of illegal credit card use, because the information on the magnetic stripe is always exposed, and is thus vulnerable to forgery or alteration. A dynamic magnetic field emulator displays card information only when necessary by using the principle of solenoidal magnets. The DMFE proposed in this paper can prevent fraudulent use if it is operated with a device, like a smart phone, or a separate user-authentication procedure. In addition, because it is possible to display various information as needed, it can be utilized for a smart multi-card application, in which information for multiple cards is stored in one card, and can be selected and used as needed. This paper introduces the necessity of the DMFE and its manufacturing principles. As a result, this study will be helpful for making various application cases in payment, which is a core area of the Fintech (a newly-coined word of finance and technology) industry.

• Journal of KIISE:Information Networking
• /
• v.29 no.6
• /
• pp.645-653
• /
• 2002

The WPP payment protocol uses the WAP protocol to enable credit card payment on the wireless internet. Since the security of the WAP protocol is based on the WTLS security protocol, there exists an end-to-end security weakness for the WPP payment protocol. This paper is suggesting a payment protocol, which is making use of the Public-Key Cryptosystem and the Mobile Gateway, so assuring end-to-end security independently of specific protocols. As the on-line certification authority is participating on the authentication process of the payment protocol, the suggested payment protocol enables wireless devices to get services from service providers on other domains.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2010.07a
• /
• pp.181-182
• /
• 2010

1940년대에 등장한 신용카드는 현재 전세계적으로 널리 사용되고 있는 결재 수단이며 사용자 및 결재 금액이 꾸준히 증가하고 있지만 아직도 초기의 결재절차를 그대로 사용하고 있어 위조 등의 문제가 발생하고 있다. 따라서 현재와 같은 일방적인 정보만을 가지고 결재가 이루지는 신용카드의 안전성을 높이기 위하여 본 논문에서는 휴대폰을 이용한 카드 사용자에 대한 인증 방법을 제안하고자 한다. 고객이 신용카드를 사용시에 신용카드사 거래승인 시스템에서는 이동통신사를 통하여 고객의 휴대폰으로 SMS 문자를 보내게 되고 이에 대해 응답 SMS 문자를 보냄으로써 사용자 인증을 수행하게 된다. 이러한 방법은 추가적인 하드웨어가 필요하지 않으며 적용이 용이하고 신용카드의 안전성을 높여 주게 될 것이다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.631-646
• /
• 2020

The government is pursuing a policy to remove plug-ins for public and private websites to create a convenient Internet environment for users. In general, financial institution websites that provide financial services, such as banks and credit card companies, operate fraud detection system(FDS) to enhance the stability of electronic financial transactions. At this time, the installation software is used to collect and analyze the user's information. Therefore, there is a need for an alternative technology and policy that can collect user's information without installing software according to the no-plug-in policy. This paper introduces the device fingerprinting that can be used in the standard web environment and suggests a guideline to select from various techniques. We also propose a user authentication model using device fingerprints based on machine learning. In addition, we actually collected device fingerprints from Chrome and Explorer users to create a machine learning algorithm based Multi-class authentication model. As a result, the Chrome-based Authentication model showed about 85%~89% perfotmance, the Explorer-based Authentication model showed about 93%~97% performance.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1997.11a
• /
• pp.9-18
• /
• 1997

인터넷 상점을 이용하여 물건을 구매하는 방식이 쇼핑의 한 수단으로 자리잡고 있지만, 상점에 의한 고객의 신용 카드 번호 및 구매 정보등의 개인정보 유출이라는 심각한 문제가 부각되고 있다. 이와 같은 현실에서 물건을 구매하는 고객이 상점이 믿을 수 있는 상점인지를 판단할 수 있는 방법이 필요해지고 있다 이에 본 논문에서는 상점에 대한 등급 정보를 X.509 인증서를 이용하여 배포하고, 고객이 브라우저를 이용하여 상점에 접속하였을 때 상점의 신용도를 편리하게 확인할 수 있는 시스템을 제안한다.

• International Commerce and Information Review
• /
• v.7 no.1
• /
• pp.213-233
• /
• 2005

A letter of credit is the best settlement among various means of payments until now. A letter of credit plays very important roles in rational and smooth international trade. Letter of credit is usually used in international trade. But many people have to prepare a lot of transport documents in order to transact with L/C. Therefore, the transactions will be happened to delay in international trade very often. Owing to the EDI, international trade will be materialized with electronic business of E-commerce. If we transact with the electronic documents, it will be reduced the time very much in international trade. Generally speaking, all relating parties transact with L/C complying with UCP, but there are no ruling articles about electronic documents in UCP. If all parties want to transact with electronic documents in global business, UCP has to contain the electronic provisions. So, ICC published eUCP on 2002. The purpose of the study was to analyze original electronic papers and provisions through foreign precedents in UCP and eUCP. If we want to exchange the electronic document, the UCP provisions about electronic documents would be revised as follows: UCP provision 20(b) would be revised, “Unless otherwise stipulated in the credit, banks have to accept as an original documents, a documents produced or appearing to have been produced: (i)by reprographic, automated or computerized systems (ii)as carbon copies,; provided that it is marked as original and, where necessary, appears to be signed. A document may be signed by handwriting, by facsimile signature, by perforated signature by symbol, or by any other mechanical or electronic method of authentication."

• The KIPS Transactions:PartD
• /
• v.10D no.6
• /
• pp.1033-1040
• /
• 2003

In order to provode information services on M-Commerce, a payment solution with security function should be required. User's mobile terminals for using M-Commerce services are diversifying to cellular phone, PDA, Smart phone etc. Among them, intergration of PDA's interface and mobile connection overcomes the weak point of existing cullular phone depending on information via the internet. In this paper, the protocol for a credit card transaction on PDA using ECC is presented. Secure Card module on this protocol encrypts user's information such as private information, delivery information and credit card information and store them on PDA in order to free from inputting information whenever it is used. This scheme also offers security services on M-Commerce including authentication, confidentiality, integration, non-repudiation and so on.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.6
• /
• pp.155-164
• /
• 2011

APP based on the smart phone is being utilized to various scopes such as medical services in hospitals, financing services at banks and credit card companies, and ubiquitous technologies in companies and homes etc. In this service environment, exposures of smart phones cause loss of assets including leaks of official/private information by outsiders. Though secret keys, pattern recognition technologies, and single image authentication techniques are being applied as protective methods, but they have problems in that accesses are possible by utilizing static key values or images like pictures. Therefore, this study proposes a face authentication technology for protecting smart phones from these dangerous factors and problems. The proposed technology authenticates users by extracting key frames of user's facial images by real time, and also controls accesses to the smart phone. Authentication information is composed of multiple key frames, and the user' access is controlled by distinction algorism of similarity utilizing DC values of image's pixel and luminance.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.