• Title/Summary/Keyword: device authentication

Search Result 432, Processing Time 0.028 seconds

An efficient access control techniques between different IoT devices in a cloud environment (클라우드 환경에서 서로 다른 IoT 장치간 효율적인 접근제어 기법)

  • Jeong, Yoon-Su;Han, Kun-Hee
    • Journal of the Korea Convergence Society
    • /
    • v.9 no.4
    • /
    • pp.57-63
    • /
    • 2018
  • IoT devices are used in many areas to perform various roles and functions in a cloud environment. However, a method of access control that can stably control the IoT device has not been proposed yet. In this paper, we propose a hierarchical multi-level property access control scheme that can perform stable access of IoT devices used in a cluster environment. In order to facilitate the access of the IoT device, the proposed method not only provides the ID key (security token) unique to the IoT device by providing the IoT Hub, but also allows the IoT Hub to authenticate the X.509 certificate and the private key, So that the private key of the IoT device can not be seen outside the IoT device. As a result of the performance evaluation, the proposed method improved the authentication accuracy by 10.5% on average and the processing time by 14.3%. The overhead of IoT Hub according to the number of IoT attributes was 9.1% lower than the conventional method.

A Secure BLE Integration Authentication System for a BLE Device Control Server based on Physical Web and Eddystone (Physical Web과 Eddystone 기반 BLE 디바이스 컨트롤 서버를 위한 안전한 BLE 통합 인증 시스템)

  • Nam, ChoonSung;Jung, Hyunhee;Shin, Dongryeol
    • Journal of KIISE
    • /
    • v.43 no.10
    • /
    • pp.1094-1103
    • /
    • 2016
  • Physical Web and Eddystone can be serviced by a single integrated application on the device by using their servers' URL. However, they have a limitation that their servers must be customized for service characteristics on a case by case basis. In other words, regardless of the service selected for BLE, it should have a modified linkage application for each device. Hence, we think that a new integrated service platform, which is able to link and support its Beacon from the central server and is also able to support its application, is needed for achieving better service quality. This platform consists of push (Broadcasting for Beacon service) parts and pull (Connection) parts to establish communication. Especially, Pull should be operated and controlled under the authorization (secure) management for safe and trustable communication. It means that BLE must have its new authorization communications protocol to protect its data as much as possible. In this paper, we propose a BLE integrated authorization protocol for a BLE device control server based on Physical Web and Eddystone.

Comparative Analysis of ViSCa Platform-based Mobile Payment Service with other Cases (스마트카드 가상화(ViSCa) 플랫폼 기반 모바일 결제 서비스 제안 및 타 사례와의 비교분석)

  • Lee, June-Yeop;Lee, Kyoung-Jun
    • Journal of Intelligence and Information Systems
    • /
    • v.20 no.2
    • /
    • pp.163-178
    • /
    • 2014
  • Following research proposes "Virtualization of Smart Cards (ViSCa)" which is a security system that aims to provide a multi-device platform for the deployment of services that require a strong security protocol, both for the access & authentication and execution of its applications and focuses on analyzing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service by comparing with other similar cases. At the present day, the appearance of new ICT, the diffusion of new user devices (such as smartphones, tablet PC, and so on) and the growth of internet penetration rate are creating many world-shaking services yet in the most of these applications' private information has to be shared, which means that security breaches and illegal access to that information are real threats that have to be solved. Also mobile payment service is, one of the innovative services, has same issues which are real threats for users because mobile payment service sometimes requires user identification, an authentication procedure and confidential data sharing. Thus, an extra layer of security is needed in their communication and execution protocols. The Virtualization of Smart Cards (ViSCa), concept is a holistic approach and centralized management for a security system that pursues to provide a ubiquitous multi-device platform for the arrangement of mobile payment services that demand a powerful security protocol, both for the access & authentication and execution of its applications. In this sense, Virtualization of Smart Cards (ViSCa) offers full interoperability and full access from any user device without any loss of security. The concept prevents possible attacks by third parties, guaranteeing the confidentiality of personal data, bank accounts or private financial information. The Virtualization of Smart Cards (ViSCa) concept is split in two different phases: the execution of the user authentication protocol on the user device and the cloud architecture that executes the secure application. Thus, the secure service access is guaranteed at anytime, anywhere and through any device supporting previously required security mechanisms. The security level is improved by using virtualization technology in the cloud. This virtualization technology is used terminal virtualization to virtualize smart card hardware and thrive to manage virtualized smart cards as a whole, through mobile cloud technology in Virtualization of Smart Cards (ViSCa) platform-based mobile payment service. This entire process is referred to as Smart Card as a Service (SCaaS). Virtualization of Smart Cards (ViSCa) platform-based mobile payment service virtualizes smart card, which is used as payment mean, and loads it in to the mobile cloud. Authentication takes place through application and helps log on to mobile cloud and chooses one of virtualized smart card as a payment method. To decide the scope of the research, which is comparing Virtualization of Smart Cards (ViSCa) platform-based mobile payment service with other similar cases, we categorized the prior researches' mobile payment service groups into distinct feature and service type. Both groups store credit card's data in the mobile device and settle the payment process at the offline market. By the location where the electronic financial transaction information (data) is stored, the groups can be categorized into two main service types. First is "App Method" which loads the data in the server connected to the application. Second "Mobile Card Method" stores its data in the Integrated Circuit (IC) chip, which holds financial transaction data, which is inbuilt in the mobile device secure element (SE). Through prior researches on accept factors of mobile payment service and its market environment, we came up with six key factors of comparative analysis which are economic, generality, security, convenience(ease of use), applicability and efficiency. Within the chosen group, we compared and analyzed the selected cases and Virtualization of Smart Cards (ViSCa) platform-based mobile payment service.

A remote device authentication scheme in M2M communications (M2M 통신에서 원격장치 인증 기법)

  • Lee, Song-Hee;Park, Nam-Sup;Lee, Keun-Ho
    • Journal of Digital Convergence
    • /
    • v.11 no.2
    • /
    • pp.309-316
    • /
    • 2013
  • Machine-to-machine (M2M) communication occurs when devices exchange information independent of human intervention. Prominent among the technical challenges to M2M communication are security issues, such as eavesdropping, spoofing, modification, and privacy violation. Hence, it is very important to establish secure communication. In this paper, we propose a remote authentication scheme, based on dynamic ID, which provides secure communication while avoiding exposure of data through authentication between the M2M domain and the network domain in the M2M architecture. We then prove the correctness and security of the proposed scheme using a logic-based formal method.

A Multi-User Authentication Scheme for a Smart Medication Management and Monitoring System (스마트 복약관리 및 모니터링 시스템에서 다중 사용자 인증 방법)

  • Kim, Beom-Joon
    • The Journal of the Korea institute of electronic communication sciences
    • /
    • v.10 no.5
    • /
    • pp.571-578
    • /
    • 2015
  • Even though DOT (Directly Observed Treatment) is the most definite method for the patients who need a long-term medication, its implementation is almost impossible considering the manpower and economic cost for it. The smart medication management and monitoring system that has appeared as an alternative requires a device for its implementation. In this paper, we propose so-called a smart pillbox for the smart medication management and monitoring system and the multi-user authentication scheme for sharing the smart pillbox among the patients. Through the smart pillbox and the multi-user authentication scheme, it is expected that the recovery rate would be raised by enabling the patients to take medicine in both timely and correct manner.

Implementing a Light-Weight Authentication Protocol for Resource-Constraint Mobile Device in Ubiquitous Environment (유비쿼터스 환경에서 제한적인 능력을 갖는 이동장치를 위한 경량의 인증 프로토콜 구현)

  • Lim, Kyu-Sang;You, Il-Sun
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2007.06a
    • /
    • pp.823-826
    • /
    • 2007
  • In ubiquitous environment, mobile devices, which users carry, tend to be resource-constraint, thus resulting in the need for an authentication protocol, which provides light-weight computations as well as strong security. Recently S/Key based protocols, which satisfy such a requirement by achieving light-weight computations, strong authentication and session key exchange, have been proposed. In particular, You and Jung's protocol is more efficient and secure than others. In this paper, we compare and analyze You-Jung with other protocols. Also, we design an authentication scenario and status of mobile devices while implementing the protocol.

  • PDF

A Study on the Utilization of Biometric Authentication for Digital Signature in Electronic Financial Transactions: Technological and Legal Aspect (전자금융 거래 시 생체인증을 전자서명에 활용하기 위한 기술 및 법률에 관한 연구)

  • Song, Jae-Hun;Kim, In-Seok
    • The Journal of Society for e-Business Studies
    • /
    • v.21 no.4
    • /
    • pp.41-53
    • /
    • 2016
  • Today, leading smartphone manufacturers offer biometric technologies such as fingerprints, voice recognition, and iris patterns in their flagship models. These biometric technologies are used for authentication. Biometric authentications are widely used in device security and even in financial transaction. This paper examines cases where a user uses biometric authentication during financial transaction (both online and smartphone banking), and explains biometric for non-repudiation by digital signature. Finally, the paper also explains technical and legal requirements for biometric authentication in the area of financial services.

Improved Single Packet Authentication and Network Access Control Security Management in Software Defined Perimeter (소프트웨어 정의 경계의 단일 패킷 인증 및 네트워크 접근통제 보안관리 개선)

  • Jung, Jin-kyo;Lee, Sang-ku;Kim, Young-Min
    • The Journal of the Korea Contents Association
    • /
    • v.19 no.12
    • /
    • pp.407-415
    • /
    • 2019
  • As the IT environment changes with cloud computing and smart work, the existing perimeter security model is showing its limitations and Software Defined Perimeter is being discussed as an alternative. However, SDP Spec 1.0 does not specify the device registration procedure, policy distribution process and authentication key generation and sharing process.In this paper, we propose a method to solve the problem of SDP access control by improving the operation procedure of Single Packet Authentication. This paper suggests that the proposed method can implement a consistent and automated integrated access control policy compared to the existing access control methods.

Design of Electronic ID System Satisfying Security Requirements of Authentication Certificate Using Fingerprint Recognition (지문 인식을 이용하여 공인인증서의 보안 요건을 만족하는 전자 신분증 시스템의 설계)

  • Lee, Chongho;Lee, Seongsoo
    • Journal of IKEEE
    • /
    • v.19 no.4
    • /
    • pp.610-616
    • /
    • 2015
  • In this paper, an electronic ID system satisfying security requirements of authentication certificate was designed using fingerprint recognition. The proposed electronic ID system generates a digital signature with forgery prevention, confidentiality, content integrity, and personal identification (=non-repudiation) using fingerprint information, and also encrypts, sends, and verify it. The proposed electronic ID system exploits fingerprint instead of user password, so it avoids leakage and hijacking. And it provides same legal force as conventional authentication certificate. The proposed electronic ID consists of 4 modules, i.e. HSM device, verification server, CA server, and RA client. Prototypes of all modules are designed and verified to have correct operation.

Draft Design of 2-Factor Authentication Technique for NFC-based Security-enriched Electronic Payment System (보안 강화를 위한 NFC 기반 전자결제 시스템의 2 팩터 인증 기술의 초안 설계)

  • Cha, ByungRae;Choi, MyeongSoo;Park, Sun;Kim, JongWon
    • Smart Media Journal
    • /
    • v.5 no.2
    • /
    • pp.77-83
    • /
    • 2016
  • Today, the great revolution in all financial industrial such as bank have been progressing through the utilization of IT technology actively, it is called the fintech. In this paper, we draw the draft design of NFC-based electronic payment and coupon system using FIDO framework to apply the 2 factor authentication technique for strength security. In detailed, we will study that the terminal device in front-end will be applied the 2 factor authentication and electric signature, and cloud-based payment gateway in back-end will be applied malicious code detection technique of distributed avoidance type.